Do we need to make any changes in the forum to comply with new GDPR laws?
Specifically for the forum? - then no. For the website generally - then possibly.
If you collect peoples personal data - either before GDPR or now - then you should have a privacy statement that defines what the data is for and what you do and do not do with it.
I would suggest that becomes more important if you use some sort of membership plugin that requires and collects extended personal data. As supplied, personal data within Simple:Press is inherited from the WordPress framework and any extra profile data a user submits is done so voluntarily.
The one area you may want to consider can be found on the forum admin > options > member settings. The options 'Disallow members not logged in to post as guests' and 'Store guest information in a cookie for subsequent visits' both place a cookie on the users system to aid their next visit to the forum. You may wish to turn those off or add them to your terms and conditions.
At the end of the day, the GDPR regulation, while concerned with the collection of user data and the transparency of such data collection, is more heavily concerned with the security of that data and what is done with it!