GDPR is about people's personal data - anybody that has access to personal data has to now follow the correct procedures in how the data is collected, stored, protected, managed and processed
So the very act of a form sending you an email with a name, email and phone information means you have to be compliant as you have access to personal data
and people have to give their consent to how you use their personal information - it needs to be clear to the submitter how their information will be used .e.g they must tick box or click a button that they consent for the information to be used in a certain way
People also have the right to delete any personal information and the ability to request the data stored on them to be sent
In regards to digital privacy generally GDPR is a huge change and the biggest for decades - it isn't aimed at small businesses but we will have to be compliant and show we are trying our best
Cheers
Paul