Not necessarily - as some private use cases are exempt (household exemption). 

Is it really forced in the consumer market?  Most of the new cellphones do have facial recognition ( FR ) and you're oblicated to use features like this if you want to use your phone in any meaningfull way. Ofcourse they tell you that this is the case and the choise is yours, but those packages have only main languages covered, often smaller languages are left out or they have translation so bad that you cannot read it. From your phone information is really easy to transfer somewhere else, where GDPR does'nt apply.

And this does'nt end there, facial recognition is coming to everywhere. People seek always easier ways to use their gadgets and FR is one of those. Pretty soon your  FaceBook will open when it  see you, Your sport store can offer new sneakers for you in the right siize when you walk in, Your grocery store can recommend you the right items for your diet etc.

What  can we do that FR is used only with the responsible manner ?  How do we force GDPR in the reality?   Should there be a "GDPR compliant" certification  for our gadgets? I can only urge everyone to participate into the work of AI standardization thru your national bodies. That ISO standard for AI has a lot to offer , but also a lot to lose...