Yes. If the GDPR applies to you or not does not depend on the size of your organisation but rather if you are processing, saving or using personal data (e.g. names of your customers, telephone numbers or email addresses) in any way.
One-person-enterprises also have to adhere to the GDPR.
The risk for small-scale operations results from possible indemnity claims and penalties which arise from the wrong dealing with data subject requests and the documentation obligations from the GDPR.