Be very careful with GDPR. It may not seem important, but when you are supposed to be custodians of information that belongs to EU citizens, and you fall short of the compliance regulations, the fines are significant. In the general case, the fine for non compliance, a breach, or similar is €20m or 4 times the turnover of your company - whichever is greater.
Even as the owner of a forum, you need the relevant privacy notices in place, plus a cookies policy. I'm an EU resident by the way, and a security / privacy expert 🤔