You have nothing to lose by waiting. And Facebook has been as shady as they possibly could be with GDPR (the Facial recognition opt-in dialog is a prime example of that. What a farce).

Sounds true to me. May 25 is the start date, and the penalties for noncompliance are insane.

I thought it worked retroactively too.

It is possible that there is some other rule in place for that, but the GDPR isn't retroactive as far as I remember.

GDPR is already active. It's just the punishment section that is not yet active. On May 25th, if a company has (still) data about you, they have to comply or (now) face the consequences.

That's a really pedantic interpretation :) It has been adopted and published, but enforcement starts May 25. Because nothing can actually happen until May 25, I think that is a more reasonable date to say that it is "active".