I'd suggest not worrying overly.
Here is why:
I serve as a councillor on the local council. We also have to be GDPR compliant. We belong to two professional bodies who are there just to give advice on matters such as this to their members who are all local councils.
Neither body can give us definitive advice on what we must do to comply.
Clearly we will have to comply but confusion seems to reign at the moment. It would be very easy to "over comply" at massive cost in our case and in the case of most small businesses.
I am also a charity trustee and we face the same problem. We have lost our database administrator as a direct consequence of GDPR as they were worried about the non-compliance issue.
Currently we are trawling our database to knock out those whose membership has lapsed. Those renewing their membership of the charity will be asked to sign off on the fact we hold a record of their name and address. We are looking at removing other data, such as DOB, from the record and randomising membership number (which most of them will not like one bit).