In the current implementation of the Plugin it looks like the Information from twitter is always shown as an iframe without any option for the end user to not transfer information to twitter. I don't think this is okay in regards to the GDPR. I found a (German) online source on this issue:
https://www.internetdienste.verwaltung.uni-muenchen.de/service/dsgvo_ueberblick/social-media-dsgvo/index.html

The information twitter has on privacy and its widget are not going into detail about the GDPR:
https://developer.twitter.com/en/docs/twitter-for-websites/privacy
data-dnt seems to be set for the widget at least. But simply embedding the twitter-widget as an iframe without giving the user any kind of possibility to refuse is absolutely not okay in regards to the GDPR.

I found a brilliant GitHub issue for a different product, this is exactly what I am talking about:
trewknowledge/GDPR#33