Anybody (company or other) who is gathering, storing and retaining personally identifiable data which includes email addresses of individuals within both the EU & UK is obliged by law to have a notification to those people of the data gathered, the purpose of gathering that data, how long it is to be retained for and who will potentially have access to that data. Ideally this information should be displayed before the data is gathered and available to view afterwards.
(Note that I am not a lawyer but this is my understanding of the situation.)
Since most developers are also not lawyers, and many are at least a little naïve about the law even in their own countries, let alone other places, this can be daunting and often leads to non-compliance.
I would like to suggest trying to come up with 2 suitable warnings (one each for public & private projects) as boilerplate text, one of which can be added to both the signup/login screens and the legal pad area automatically by setting a simple configuration option of "Include GDPR warning" to either "For Public Repo" or "For Private Repo".