If you keep it around to sell then you are likely violating the 'legal basis for processing' part of the GDPR. Data can only be used for the purpose for which it was originally collected, selling the data to others to use without that exact same goal can not be such a purpose, and even then you will have to be quite careful that you maintain control. Various EU data brokers (Schober, for instance) have found ways to do this in a controlled manner usually by anonymizing the data or by selling it only in aggregate form.
But selling it raw with the personal identifying information of the data subject is almost always a complete no-go.
GDPR requires informed consent for ANY type of storing or managing any kind of personal data or data which can be linked to personal data (eg email which can contain name and surname of the person behind an account), and you must be explicit on what you do and you cannot give the data to another entity without re-requiring consent for that specific purpose and declaring who will be exactly the new controller of that data.
But selling it raw with the personal identifying information of the data subject is almost always a complete no-go.