Of course—if you don't store personal data (trivially).
In fact, encryption (security) is mostly orthogonal to how you track and handle personal and sensitive data (privacy protection). You could encrypt everything and still be wildly GDPR non-compliant, if the encrypted information you're storing lacks clear purpose and explicit consent.
A) leaves no room for misunderstanding with different regulators or their respective auditors, and
B) provides a computationally infeasible barrier against accidental personal information disclosure even if the storage system was improperly decommissioned.
Point B in particular can be explained to auditors without problems. They understand both the intent and the technical measures put in place. But how we store data is only tangentially relevant to how we handle data. Let alone what we need to collect in the first place.
(The KYC/AML/SOW requirements in gambling are quite demanding; they impose significant data collection and retention needs.)
To further emphasize your point ("You could encrypt everything and still be wildly GDPR non-compliant"), we need to be able to respond to a request by each and every individual user to delete the information that they no longer wish us to carry.