Doesn't really matter WHY the client wants you to delete your files and send them everything.
It seems to me the client is using GDPR as an excuse and nothing more. I mean, practically any design is promotional material and any possible personal information - name, address, contact, email, etc. - was made public information via the promotions themselves. It's not "personal stored data". Your client is being terribly sketchy here, in my opinion.
Charge for the file delivery. After you receive payment, send the files and a letter explaining all the files will be removed from your machines and backups and you will no longer retain any files related to the client, once you have been notified they received the files. Then go in and actually remove everything after you get confirmation of receipt (since they have paid for this).
Remember, even if they pay you, you can't send them any fonts or stock images you purchased and used. Those are generally licensed to you and sharing those items would put you in breach of any license agreement related to them. The client will need to go and purchase any necessary fonts and images to support the designs.
It's the client's problem if they later need something altered or created. You merely need to be certain you are paid for the files.
If the client doesn't want to pay for anything... don't give them the files, don't delete anything. They are your files. No outside party can force you to do anything with your business assets (other than law enforcement).
If the client starts waffling and becomes belligerent and demands files, merely politely refuse unless payment is received.
Worse case scenario, you lose this client (which you're going to do anyway from the sound of things), and the client feels they need to make some spectacle of the matter and file a lawsuit or something. The suit, in my opinion, has a low probability. However, they may bring that up to use as a tactic toward bullying you into doing what they want. While I'm not a lawyer, I doubt they'd win a suit forcing you to remove your business assets.
In short, my stance would be:
I'm happy to. Price for all the files is $X. Once payment is received, I'll forward everything I have and then subsequently remove it all from my systems once I know you've received it.
Client:
We aren't paying
Me:
Then I'm sorry. I won't deliver files, or delete anything, without payment.
Client:
We'll sue!
Me:
Okay. You are free to do what you feel is necessary. Price for my business assets as they relate to the work I've completed for [company name] is $x. I am very happy to comply with your request once payment is received. Thank you.
I've worked on highly secretive projects where company data was private and intended to remain private within a small group. This was always presented to me as highly sensitive data that is "not to be shared with anyone". I'm not talking about any non-disclosure agreement, more general data that I had privy to in order to complete a project (mostly company financials). The clients for these projects always presented this matter up front at the start of projects. So, I was aware of the confidentiality. But even dealing with multi-million dollar companies in this manner, they've never asked that I remove and delete my files, they merely ask that I maintain the privacy of the files.
If these clients were to ask me to remove things and send them all the files, I would certainly understand the request. But I'd also certainly charge them for delivering files.
If they just wanted me to delete files without delivering them, I'd probably negotiate a settlement... as in... I remove the private data from the pieces but keep the design in tact for use as portfolio samples. Giving them approval of the altered designs so they could verify the private information had been removed.
Work-for-hire: if you are under a work-for-hire agreement, or an "employee", then they actually own everything. Comply with their request without payment or issue. The files aren't yours.