Personal data protection for large scale public projects

I tried to get an answer to this over a year ago and thought I’d have another stab. I have a project that could be large scale. If I make it a private project then I would have to pre approve submitters which will be impractical. If I make it a public project, then all data can be seen by anybody who chooses to look. My problem is that I’d like the email address of the submitters for potential follow up. Under GDPR regulations, I have to inform the submitters when they join the project as to what personal data is collected and for what it purpose it will be used. I am unable to do this in a public project as the email addresses are visible to anyone. My original suggestion was to create a feature, perhaps at the form build level, that allows the project owner to determine what data is made available to the public. I don’t think GDPR is on the radar here as I just received an email from Epicollect to “Try our new Android app” and the email contained about 200 email addresses of other epicollect folks???

We are really sorry for the inconvenience, it will not happen again.
Please delete the email and ignore its content.

We are only trying to get some help from our community of users, If you are not interested, feel free to ignore any email from us.