Ian Duckworth had asked Bridport Methodist Church to remember in prayer his friend who had recently been admitted into a hospice.
He was told that wasn't possible to do by name as the friend hadn't given his consent for others to know about his sensitive information.
The new rules, which came in across Europe in May, mean that organisations who hold data need to have the consent of the person to which that data belongs.
It most commonly effects electronic communications.
Responding to the story, a spokesperson for the Methodist Church said: "Prayer is not covered by GDPR, but churches need to be mindful that details of someone's health is sensitive data."
Premier Chief Operating Officer Kevin Bennett has worked on GDPR on behalf of the charity.
Speaking on the News Hour, he said: "This was not what GDPR was intended to do.
"It was intended to deal with social media giants who were abusing data or PPI claims handlers - it was never intended to impact on who can pray for who."
Encouraging churches, who fear breaking the rules, not to give up on public prayers, he said: "Pray by using first names - that's not personaly identifying them.
"If the person can't be identified by what's shared then there's no issue with that action."
Stay up to date with the latest news stories from a Christian perspective. Sign up to our daily newsletter and receive more stories like this straight to your inbox every morning.