Interesting. As a starting point, the Transparency Code (which predates GDPR) includes the following on Data Protection:-
The Government believes that local transparency can be implemented in a way that complies with the Data Protection Act 1998. Where local authorities are disclosing information which potentially engages the Data Protection Act 1998, they must ensure that the publication of that information is compliant with the provisions of that Act. The Data Protection Act 1998 does not restrict or inhibit information being published about councillors or senior local authority officers because of the legitimate public interest in the scrutiny of such senior individuals and decision makers. The Data Protection Act 1998 also does not automatically prohibit information being published naming the suppliers with whom the authority has contracts, including sole traders, because of the public interest in accountability and transparency in the spending of public money.
...and this on Commercial Confidentiality:-
The Government has not seen any evidence that publishing details about contracts entered into by local authorities would prejudice procurement exercises or the interests of commercial organisations, or breach commercial confidentiality unless specific confidentiality clauses are included in contracts. Local authorities should expect to publish details of contracts newly entered into – commercial confidentiality should not, in itself, be a reason for local authorities to not follow the provisions of this Code. Therefore, local authorities should consider inserting clauses in new contracts allowing for the disclosure of data in compliance with this Code.
The spirit of this is clear and I am not aware of any part of the GDPR legislation that would override this, so I suspect that this is either a misinterpretation of the legislation or a means to reduce disclosure. One for the NALC legal bods methinks!