You can use the following scheme:
1) store in open form until confirmation via SMS.
2) After confirmation, the task of combating fake accounts is completed and the open phone number is no longer needed. Now you calculate the hash with the currently stable function and store only it.
3) And if you need to recover the password from your account by sending it by SMS, then for this you suggest entering the phone number, calculate its hash, compare it with the stored one and, if it matches, send information to recover the password in SMS to the entered number.
4) Upon completion of password recovery, the entered open number is no longer needed and can be deleted (we continue to store the hash).

If you are really going to store phone numbers, without any reference to personal data that deanonymizes the user, then I think you can do it safely, because with the same success I can call the numbers and find out which of them are alive. Otherwise, if you have any additional information about the owner, you are already most likely violating the law on personal data.
But frankly, I do not understand why you need phone numbers without any other information. Even without how to contact the owner of the phone.

Well, why phones are needed is already a question of the goals of the project. In webmoney, for example, you can also enter through a phone number.
The usual encoding in md5 or sha1 will definitely not suit you, because. it's just numbers that can be easily deciphered. I usually resort to simple cryptography like
md5(substr($user_phone, 0, 4).$user_phone.substr($user_phone, 4).'myword');
Thus, in order to hack this phone, the hacker needs to get not only to your base, but also to your files on the server, which is much harder.
Of course, this system will not work if it is a Pentagon database, but this scheme is safe enough for average projects :)

Full name + phone number are not personal data, because do not allow a person to be uniquely identified. But the full name + address already allow.