I think you are looking at this the wrong way.Irrespective of being a forum or not, it's an Internet site serving people and handling sensitive data.
If you serve people within the EU or are within the EU yourself then you're governed by the GDPR just as you would be with the DPA.
You're still a data controller if running an active site with memberships/emails and so forth. You effectively have people's personally identifiable information; emails addresses, IP's, location so on so forth. This means you then are a controller.
I wouldn't say fear mongering... more that some people are getting confused and getting nervous about the do's and dont's. Most of it to be truthful, is common sense and most of it you should be already doing as good practice anyway, regardless of being a hobby or a professional site...
"You" being generic of course.
my forum does not collect and process private data, however, google analytics does the tracking, and they would be responsible to comply with GDPR law; I also do not track IPs and such, and this would be the responsibility of my server to comply with the GDPR law. Forum usernames and public content are not considered private data, and if a user wants to hide their profile, then they certainly have that right. My forum also does not collect and process private data such as credit card info, and therefore any 3rd party processors would have to comply with GDPR as it applies to them.
my forum does not collect and process the type of data that GDPR is talking about.