You may be right Duane but where is that exemption stated?
In fact my old groups did function that way because the group acted as an anonymising intermediate.
Believe me when I say I have mixed feelings about data privacy interfering with good things like hobby groups.
GDPR is meant to protect individuals from the likes of Facebook, Verzion etc not from small special interest groups like these. However it does not make that distinction.
One should not assume it's all been done for you if you're a group owner. It sounds to me as though it actually has, but the owners share responsibility. Ideally both are aware.
Apart from actually protecting the data being desirable, I seriously doubt any group owner would ever face prosecution. No money in it and group members might get upset and cancel but are very unlikely to sue.
It's one of those legal technicalities that's unlikely to be enforced.