All configurations are made in the User - Profile History plugin. There are 2 settings in this plugin, but don't let that fool you. Each is a repeating field accepting a virtually unlimited number of entries.
The first is "Ignore Fields". These are fields which can be changed and not recorded. You may consult your legal council regarding ignoring fields, as it may not be GDPR compliant. This extension was written to be useful outside of GDPR regulations.
The second (located on the "Change Notification" tab) deals with notifications. This is where your GDPR specific configurations are made.
Items specified here will trigger a notification when changed. The notification can be sent to the admin, the user or both. You will likely need to specify most, if not all of your user fields in order to maintain compliance. There may be cases where the data is used entirely for internal purposes, but you should consult with your legal council to determine what can be omitted.
The flexibility of monitored elements required a unique method of identifying fields. I found that a dot path fit my use case, so in order to identify fields, you need to understand how the dot path is created. More on that on the next page.