
GDPR doesn't prevent you from collecting personal data. It only requires you to have a clear reason for collecting everything and being transparent about what data is collected and how it is processed.


The examples here make clear that "a clear reason for collecting everything" means an ironclad justification for each field, each bit of precision, each minute of retention. That is not a casual thing. As in, one of the fines here is for retaining a phone number to fulfill a need to communicate, when postal mail could have worked instead.

It is doable, if you have the lawyers and the time. But that's not a degree of scrutiny you want to gamble your life savings on for a personal project.


If you don't need a phone number why collect a phone number?

"I might need it later" is not a clear reason!


"Don't need" as in "there are feasible alternatives."

HN doesn't need to know or share your username to post your comment, it is clearly possible to run a message board without usernames, and conversations could be maintained by generating a random pseudonym for each thread.


Also, the fine (if we are talking about the Danish one) was not for collecting a phone number. It was for retaining it after the retention limit (in this case 2 years, and they kept them for 5 years) without a good cause. The company argued they were an essential part of the database. People love to make GDPR look bad, but it's often not as bad as it looks from a one-line summary.



