As soon as the client's IP address touches your server you are processing personal information. E.g. I have seen many webserver which save these in their access logs.
Again, this is the reality of GDPR. It is not okay to operate a website serving EU visitors without considering GDPR implications. This is how GDPR is intended. Don't operate a website serving EU visitors if you don't have a plan on how to respond to these emails. I'm not trying to be harsh or dissuade these small websites from operating. It is just the reality of GDPR.
Again, this is the reality of GDPR. It is not okay to operate a website serving EU visitors without considering GDPR implications. This is how GDPR is intended. Don't operate a website serving EU visitors if you don't have a plan on how to respond to these emails. I'm not trying to be harsh or dissuade these small websites from operating. It is just the reality of GDPR.