i don't follow, do you mean that's a possible scenario? That's the last thing you need to worry about yet. I expect first random emails from hackers demanding coins for 'not reporting you' in the first awkward month.
email is not covered by GDPR but by the local communications acts. It will be some new EU laws in the next 2 or 3 years... So there's no problem in THAT case.
But if this email is copy/pasted in a reservation system THEN it might be covered by GDPR.
There is also a thing when user closes consent popup and the site won't redirect to invalid ip address. I have seen plenty of sites where you can close the consent popup and continue to use the site - that means they collect your data without your consent. Grotesque.
"I've a motor impairment do your hotel have accessible rooms?"
say you have your hosted email system, now you're in a huge mess.
people downvoting this should really hear a lawyer about gdpr.