Sadly you haven't used any formattings I can refer to, so I'll reply per paragraph:
#2: hashing IP addresses makes them unseekable - if you manage address ranges and want to see if an address is within this range you're not able to do so with hashes anymore. Well, you could, but that would end in comparing any hash of the range with the issued hash - they're not numerals anymore where you can predict "oh, this one is too high to even fit the range at all" or "if it won't fit the next 5 then I can skip all others". Hashes can't be the answer, as those are more or less worthless to efficiently detect intruders and unwanted clients. But I wonder if it's legal to recode addresses just to my own numbering system: I could still work on that (somehow; it will still be less efficient) but it can't be considered valuable anymore to anyone in case of unauthorized access to the data.
#3: then phpBB wouldn't know anymore if a person voted or not (hint: re-voting). Not to speak about changing one's vote(s). In the case of non-consent using polls should be forbidden.
#4: e-mail addresses are already stored whenever a user changes them - just look at your log. But since e-mail addresses are not numeric in the first place storing hashes of them would be an alternative. Now tell me how to detect unwanted members who use the same e-mail account name but a different domain... (this may be approached by storing account, domain and TLD all separately in hashes, but then again recognizing "spam2" from "spam1" would still be impossible thru hashes only).
#6: if it's reversible it isn't a hash.
#8: I understand this from the view of a person who realized that any further existing of his texts will harm him. But in my experience so far users only used this as a revenge and/or to ignite chaos. How do I protect myself from inappropriate use of that?
#9: why not prune posts and account as well? The way you read it the GDPR wants to turn BBSes into chats. Ironically I think most Facebook and alike users just use the internet like a chat nowadays: in a volatile kind.
#10: here comes the funny part: I'll just quote a couple of posts and suddenly they will also appear in "my" backup. If you look at Google's format then you'll see it can't be imported anywhere; and if you indeed let users choose amongst severals formats they will surely complain why PDF and JPG is none of them.
#11: can you elaborate? I mean, why listing this point if it should be in #10 already? Additionally this will the staff starting to use codes, just like supermarket employees do today already: "143 the 203" (stuck in toilet, medium priority).
#12: just like #8 I experienced way more misuse of this (new name to irritate others and not associate bad behaviour with your old name anymore) than understandable cases.
#18: that would require the owners to know their birthday at all - how can they assure?
#19: oh great - I'll be the first one wanting to turn off Sphinx and the extension database, as nobody has my consent - let's see how this works.
#20: don't be afraid - I encountered countless "administrators" which should never put their fingers onto a database for less reasons already. I see no big impact here, unless you have responsible people that would do that for hotfixing. This is basically a rule to not provide first aid because the victim did not consent: yes, first aid can do harm, but in most cases it's still better than not doing it.
#21: session tracking is next to impoosible without cookies, it will definitly change the user's "experience". And I thought we finally learnt it the hard way in the last years that the cookie laws were too void of technical understanding. Same thing again now?
#22: can you elaborate on "that must be done automatically by the websites/forums administration" as I'm very interested on how this can be achieved (when the baord does it it's automated, when a person does it it's manual).
#25: how do I distinguish "European" data from the rest?
#26: oh great - finally all those CDNs and third party scripts will die. Finally!
#27: immediately, I guess. Including a note that they did so.
#28: thank you, I waited to see where the GDPR can be turned into money to those who invented it. I really hope nobody uses that as argument against it...