I figure one way to make it safer would be to put the commercial offering on another website, under another brand name and only link to that brand from the personal website, which is more like an about me page. But I am not sure how much safer that would be.
The law says this, but there's no clear definition of what is a commercial activity:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847
2/1
> This Regulation applies to products with digital elements made available on the market, the intended purpose or reasonably foreseeable use of which includes a direct or indirect logical or physical data connection to a device or network.
3/22
> making available on the market’ means the supply of a product with digital elements for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge;
Commercial activity is mentioned in the introduction, which is not legally binding:
> This Regulation applies to economic operators only in relation to products with digital elements made available on the market, hence supplied for distribution or use on the Union market in the course of a commercial activity. Supply in the course of a commercial activity might be characterised not only by charging a price for a product with digital elements, but also by charging a price for technical support services where this does not serve only the recuperation of actual costs, by an intention to monetise, for instance by providing a software platform through which the manufacturer monetises other services, by requiring as a condition for use the processing of personal data for reasons other than exclusively for improving the security, compatibility or interoperability of the software, or by accepting donations exceeding the costs associated with the design, development and provision of a product with digital elements. Accepting donations without the intention of making a profit should not be considered to be a commercial activity.