By doing a scan of my own

You do need to by compliant with GDPR if you are collecting any sort of PII, even if it’s just a contact form.

As for the SSL warnings, the checking service you used probably got blocked from accessing your website due to this security system: