That’s not how that works. Like, at all.
The GDPR concerns itself specifically with personally-identifiable information (they call it PII for short) and not with general analytics. Only some information is considered PII, including stuff like name, age, gender, home address, email addresses and such things. Note that IP addresses and user agents are not personally-identifiable information under the GDPR.
Furthermore, if you collect this information and aggregate it into analytics, i.e. which countries interact with the service the most, which assets get the most interaction, etc. that information by nature is anonymous and data processors can collect that information to their heart’s content and be perfectly compliant while doing so. CloudFlare themselves only give you anonymous data!
There could possibly be an issue if he required a sign-up with an email address and collected this information on a per-user basis, but even in those cases, he’s allowed to collect the information as long as he provides clear reasons for why he’s collecting that information and has a legal basis and the user’s consent for doing so.
Please learn how the underlying policies work before you make posts asking service providers to shut down their service across the entire EU.