People tend to ignore that spells are very difficult and intricate things. Unless you have innate or divinely inspired spell casting, every spell is simply too much to retain for regular people forcing spells to work for them. This goes for both components and the spell itself. If you get even the smallest detail wrong, it could be disastrous.
I think of it like an engineer or some such. Sure they have some approximate knowledge of most formulas they need for their work and they will know some by heart. But building a bridge from memory, just because they have been building bridges for twenty years won't be possible without proper preparation and work.
Also why wizards are the only class that can learn all spells. They are the only nerds on the block willing to put in the work.
You are slightly wrong. The GDPR applies to everyone dealing with personal data on the regular, which you always have to assume with open text boxes. There have been plenty rulings already imposing fines on individual, private citizens for their misconduct in violation of the gdpr.
While Lemmy as a system might be exempt, anyone running Lemmy for sure isn't, as long as it regularly processes data of EU citizens, which it does.
As for the devs, the gdpr does require privacy by design. One could argue the Devs themselves aren't running it at all, so their software doesn't have to adhere to it, but individual instance hosts could still be hit with fines for running it as is.