If they should be able to send emails to each other, they obviously have to see the email adresses they need to send emails to. But luckily you are using Nextcloud which is a modern solution where users can share files and send messages to each other without having to use a 1990s technology aka email. So what’s it gonna be? I’d say turn that profiles off, and you’ll be fine. 
Whether you’ll also be fine regarding the DSVGO, by just doing that, is a question that is beyond the scope of this forum.