The letter is a way for leadership to say that they told the congregations not to keep records. It is a legal maneuver. If anyone sues them the blame will fall on the publisher and not WT.
Individual publishers may indeed think they can continue making notes. But I think Watchtower is very much aware of the danger in that wrt GDPR.
Imagine a commercial enterprise that told their sales reps 'don't take any notes with private information of customers'. They tell the sales reps only once. Many sales reps continue to take notes anyway. One of the sales reps then loses his notes somewhere and they get out in the open. Or someone blows the whistle on the sales reps violating privacy laws.
Who is to blame? According to GDPR the commercial enterprise is probably judged as at fault. They should have done more to raise awareness and increase compliance with GDPR. I severely doubt that data protection authorities would rule that a single memo (that not even all employees were guaranteed to have received) would be enough to stop data collection after decades of telling employees to collect data.
Likewise I doubt Watchtower would be off the hook if they only write this single letter and it turns out many of their employees ignore that one memo.
???