According to my understanding of GDPR, the data would need to contain personal information, i.e. something that allows you to link it to an identifiable person. A quick search on Google gives the following definition of personal data [1]:
"Personal data are any information which are related to an identified or identifiable natural person."
So if there is no personal data in the logs, it should not be a GDPR breach.
Not sure how far-fetched an accusation can be in this case.
If the data is accessible in plain text on a device that is clearly linked to an identifiable natural person, which is data that an attacker can easily access, the point of "just this one log file not containing the data" is pretty much moot.
It really is interesting. Apple could potentially claim that they didn't connect Personally Identifiable Information with the leaked health data, but a third party app, which gathered that data, did.
Depends on what exactly was in the logs. Did it contain my emergency contact from Apple Health? Or my own contact data? That would be bad.
You can see the logs in JSON inside the Settings app. Also, if two vulnerabilities are used together, you can get full name and email and connect it to health data.
[1] https://gdpr-info.eu/issues/personal-data/