This isn't quite as big an issue as it first seems. It may even be an opportunity for a new product such as Remarkbox, as the existing big players are struggling. None of the existing comment/forum products give the moderator much help, so anything that does any of these three key things will have an advantage.
- Record date user gave consent and text of what they gave consent to at that time so moderator has record
- Find all comments / posts by user, and format them so moderator can send them back to user without much effort
- Delete in convincing way all users comments or posts on (verified) request
There's a fourth issue to do with not holding on to IP data, but governments may backtrack on that for now, as it is causing difficulties for suppliers - e.g DisQus.
In my country (UK) the government enforcer has said they won't go after small site owners if they at least make an effort, so at this stage if you use anything better than the norm you demonstrate that. This reduces the risk to a warning at worst, not a giant fine, so a big gain if you are worrying about compliance. Comments are a problem area, as for non-trading sites they are one of the few instances where you may end up holding data about your site visitors.
Discourse seems to be clearest on what's required, but it's expensive. https://www.discoursehosting.com/your-discourse-forum-and-the-gdpr/ Disqus is floundering.
Leave the first comment and get the conversation going!