As a customer, you will need to review these 3 areas to ensure you are meeting GDPR compliance.
Follow the links below to the articles:
1) Select and document your lawful basis
4) Data Sharing Agreement/Data Processing Agreement (if sharing data with other organisations)
We would recommend you discuss your organisation's compliance with your Data Protection Officer to make sure you have the necessary policies in place.