I wouldn't rely on that form as a substitute for itemized billing.
There is a clause in GDPR saying that companies can charge for repeated requests. I would expect giffgaff to attempt to assert that requesting usage data each month constitutes repeated requests and attempt to charge those doing so, at least until there is an ICO ruling on the matter.
They may even claim such requests are excessive and simply ignore them, as they're technically allowed to do, again, until there is an ICO ruling.
I think someone will push it eventually and there will be an ICO ruling, most likely in favour of customers, and at this stage you'll probably see itemized billing become available by default as this would be easier than handling the individual requests.
Companies are approaching GDPR in one of two ways, they're either saying "To hell with it!", and throwing open data restrictions, allowing users full control and access, or they're doing the opposite forcing customers to go to the regulator for a decision before they'll do anything.
My experience of giffgaff/Telefonica is that they are very much taking the second approach.
I despise Facebook, always have, always will, but even with their "scandals", (which only exist because of users of Facebook acting in a manner which can only be described as idiotic), are behaving in a manner which is more in line with the spirit and intention of GDPR than giffgaff are.
When you have advertising companies, (which is what the likes of Google and Facebook really are), acting in a way which is more in accordance with the spirit, intention and letter of the law than a mobile company, something is very, very wrong.
I have to add though, and this is important, giffgaff are not breaking any rules or laws by forcing customers to go to the ICO for issues where no prior judgements have been issued. They probably know they'll lose because what they are doing does breach the spirit and intention of the law, but until a regulatory body passes a judgement, they're within their rights to refuse to comply unfortunately.
It's bad for customer service, it's bad for PR, it's a pain in the behind, it's a blatant delaying tactic obviously deployed to try and make people shut up and go away so the data can be used despite clear and obvious objections and thus a clear and obvious breach of the law, but until there is a dispute taken to the regulator and a judgement handed down, giffgaff are perfectly within their rights to act in such a manner.
Why they'd actually want to though is anybody's guess, especially given the likes of Google and even Facebook aren't. It's baffling, but it is what it is.