The rules are reasonably simple.
1. you have to tell people what you're collecting and why
2. you have to keep it safe (and there are rules about how quickly you have to alert the ICO if you believe it's been lost / taken / stolen)
3. you can only use it for the purpose you originally collected it
4. specifically around marketing, you can only market to people who's data you've collected if they had a clear, explicit opt-in choice.
5. you can keep data for as long as it is required, defined by a number of purposes.
So, you don't need to remove their data once the project is complete. If you believe you need to keep contracts or consent forms (and in some cases, you're legally required to), then it's fine to keep that data. What you must do is keep it secure, and not use it for marketing, or sell it to someone else if you never said you would, etc., etc.
As I said in the other thread, for most photographers, as long as you're not using the contact details to market to people, then you've got nothing to worry about. If you do use it to market to people (including 'mailing lists'), then you should probably re-seek consent using clear opt-in language, to ensure compliance.
Otherwise, keep it secure, and keep it only for as long as you need to.
NB: I'm not a lawyer, or in any way a data protection professional. There are nuances to the act which probably don't affect photographers but people may want to be aware of (for example, your right to have your data re-processed by a human if you weren't aware it was being processed initially by an algorithm, for example, for car insurance).