Yes, information on the blockchain can't be deleted the same way as from traditional databases, but since all personal information is encrypted by the person's private key, they can easily "delete" the information by destroying their private key (delete their private key file, destroy all the physical copies of the keys, etc). The encrypted information will stay in its encrypted form as there's no private key that could decrypt it. The information is not deleted per say, but it is not accessible to anyone.
When the GDPR rules were created the authorities didn't really think about using blockchain as the solution for data breaches, so some of the rules are not so well defined in the context of blockchain technology. But the main thing is that blockchain technology can offer much-much higher security to private information than any traditional database counterpart, and data security IS the main reason for the new regulations.
Hope this answers some of your questions. :)