"The bogeyman of the hoarders of personal data, GDPR, also reared its head. Black Duck noted that responsibility for compliance lies not only with auditing one's own code and processes, but also ensuring that any open source in use is also compliant."
In what way does GDPR say anything about code? It's all about data, specifically personal data, and what you do with it. It makes no difference whatsoever as to the technical details of how it's processed; even your salesman's little black address book is subject to it.
I'm building raised beds in the garden. I could do with some of their top-quality BS as a soil improver.