This is pretty much tough calling for the websites, but not all websites do really have newsletter or forms, some of them just have the address and contact number that’s all, and these website don’t have to bother about it.
Usually websites which generate revenue online gather email id, phone numbers and other confidential information from their customers, so they need to ensure that their websites are GDPR compliant.
The forms need to state clearly what is being collected, and how it will be used and whether it is being shared with third party companies.
The opt out should be easy and clear for the customers.