If you deal with customer data in the EU, then you must comply. I am a citizen of the United Kingdom and work for a UK bank as a digital manager. GDPR is an absolute minefield and a great challenge for any business. It literally covers everything and will eliminate some old-school practices.
In its most simplistic understanding, GDPR aims to put the control of the data back into the hands of the client.
The fines that can be delivered are also huge.
If you operate in an EU market, be sure to get the Privacy Statement (policy) to the beginning. After that, you need permission and opt for the communication channel.