If you are processing customer data in the EU, then you will have to comply. I am a British citizen and work for a UK bank as a digital manager. GDPR is a real minefield and a big challenge for any business. It literally covers everything and will eliminate some old school practices.
In its most simplistic understanding, GDPR aims to put data control back in the hands of the customer.
The fines that can be imposed are also huge.
If you are operating in an EU market, make sure that the privacy statement (policy) is up to date. Following this, you need an authorization and a complete membership by communication channel.