You raised a very good point Omkar Neogi, the user identity cannot be easily discovered from the hashes (this is pretty much in compliance with pseudonymization techniques from the article).
Disclaimer: I’m not a lawyer and just sharing my “thoughts” as you asked:
Your assumption was right. If a company uses blockchain to track users without their consent or a legal basis (as mentioned under “When you DON’T need user consent” in the article), they are violating GDPR.
They don’t necessarily have to identify the user. For example if by knowing that you have bought 5 BTC they start showing you ads about spending that money, they are still using part of your data without a legal basis. When you do the transaction to buy 5 BTC your purpose is to buy and the trace you leave is relevant to that transaction. However if a company can link your trace with other information (like geolocation, cookies, etc.) that they’ve obtained from another site, they are violating GDPR.