GDPR stands for General Data Protection Regulation. If your business stores or hosts personal data, you need to comply with the GDPR. This involves registration, ensuring your systems are robust, and informing the relevant authority should you suffer a data breach. Depending on the severity of the breach, the fines can be substantial.
If your company needs to formally certify for GDPR compliance, we recommend IASME Governance. See www.iasme.co.uk/iasme-governance/iasme-governance-audited for more information.
General GDPR Advice
Think of it this way: the GDPR is like the UK speed limit. Everyone needs to comply. However, if your car is incapable of travelling above 30 mph, you can pretty much ignore the speed limit. If your car routinely drifts up to 40 or 50 mph, you need to be looking at the speedometer almost constantly. The GDPR is similar in that many companies don't deal with personal or sensitive data. Those companies need to comply, but they don't need to do a lot. Others, mostly those that deal on a B2C basis, should have appropriate guidelines, training and systems in place to show they are compliant.