From what I understand, it's just don't sell your user's data. Just make sure your terms and conditions and privacy policy are clear and up to date. This is a good guide:
https://opensource.com/article/18/4/gdpr-impact
https://termsfeed.com/blog/gdpr-privacy-policy
https://termsfeed.com/blog/gdpr-compliance-plan
Since it's just a name and email, and no other personal data, there's limited exposure. However, I'm not a lawyer and haven't run anything by a lawyer, so if you're concerned, I'd probably find an attorney to talk to. I'm looking at impact as well for the newer version of phpVMS.
Termsfeed has a privacy policy generator:
https://termsfeed.com/wizard/privacy-policy
You probably should update your terms of service as well.