there are companies doing it for you now. weebly and google are doing it for all their data and my forms are through weebly.
Once we have dealt with a contact form we just delete it forever.
it all falls down to who and how the data is stored. for me its send via email through a mail server on weebly.
We made it clear to clients all data entered will be removed once we have answered an email. most people just call us though and we have only received 1 form in 3 moths. im told weebly is in full compliance.
It boils down to a few simple things:
Do you digitaly store data, if you do does that comply with the new rules.
Does your data get transmitted through a third party such as weebly: yes then does said company comply.
For us i get a notification in my mail box to tell me there is a new form entry. I then visit weebly to see the form and after ive added th form to my offline hotel booking software (GDRP compliant also) i remove the forms even though weebly is GDRP compliant its just something ive always done for the past 3 years.
if you use any third party software to create the forms is that also compliant. its mainly about the software compliance and about how you store data.