iOS14: Should both ATT prompt and GDPR consent be shown to collect first party data?

It depends on how you plan on using the email address collected for the user. The ATT guidelines require ATT permission for "tracking", and:

Tracking refers to the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes. Tracking also refers to sharing user or device data with data brokers.

So if you are using the email address just to send them email or keep track of their data internally, that seems fine, but if you are  linking the email with data collected from other companies then you need ATT approval. 

If you are planning on uploading email addresses to Facebook or other ad companies for lookalikes or retargeting purposes, or basically giving the email address to any company outside your system, then you are in ATT territory.

Hope this helps!

Keep in mind that ATT applies to advertising tracking. If you want to collect a user's email for the purposes of eg. internal analytics or promotion (like sending them a welcome email, or sending them a special offer) then you're really only bound by GDPR constraints. Exposing the user to a GDPR consent form is probably more of a necessity than exposing them to an ATT prompt: you can skip the ATT prompt altogether if you don't plan to collect data for the purposes of ad tracking.

Note that fingerprinting is not allowed under iOS14 guidelines if the user has not opted into ATT.