4 answers
GDPR is not to do with enforcing email collection for lead creation. It's about having the consent to send emails to the lead, only keeping their data while you need to, and giving them the option to remove it.
Email is not the only piece of personal information you shouldn't be keeping - phone number, address, date of birth, anything you can use to identify an individual.
So to answer your question: no. You are not keeping GDPR compliant by the mere act of forcing you to collect the email address. If anything, that makes you LESS compliant because you're collecting more personal information. It could be that your admin devised some GDPR mechanisms that RELY on having an email address, such as sending them your company policy on data protection, in which case it is a reasonable request to ask for that information.
