I'm really confused as how to handle GDPR. I recently made a web for a client that is just a page with some info and a contact form. This contact form just sends an email to an adress with the users name, email, subject and message. Nothing is stored within the site. Do I need to include anything regarding the GDPR to make it compliant if I'm not storing anything or does the fact that an email is sent to my inbox count as storing data?
To be more specific that TermsFeed's answer, you're asking about article 6 of GDPR; In this case you can reasonably maintain that the processing is necessary "necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract". At the point of submission the data subject is fully in control of whether they choose to give you their information or not. It would however be a good idea to say on the form that the information they provide will not be used for any other purpose (and ideally how long it will be kept for, and where, etc), because anything strictly outside the purpose of the enquiry would indeed require consent.
Consent is normally applied to optional things – for example opting-in to marketing emails while buying something – where the additional processing is not a requirement for the primary purpose of the data collection. Consent should not be used unnecessarily because unlike the other bases for processing, it can be withdrawn unilaterally at any point by the data subject.
Another factor is that you are acting as a data processor; your client is the data controller and they have asked you to process this data on their behalf. In this situation, you are required to comply with data protection regulations applicable to processors (TLS, physical location etc, and you should have a data processing agreement in place with your client to make this clear), but the data is fundamentally not yours. The data subject has a relationship with the controller, not you as processor, so it's your client that really needs to be careful with their terms and behaviour. Not keeping any data on your servers is a very good idea; you can't lose control of data you don't have.
If the data you are handling is at all sensitive, you should conduct a data protection impact assessment (DPIA) and/or privacy impact assessment (PIA; essentially the same, but also looking at higher levels), something which sounds ominous and bureaucratic, but is actually quite straightforward and often quite an interesting exercise - CNIL (the French data protection office) has an excellent PIA app that walks you through the process.