Here is the list of questions you need to consider and answer:
- What information is being collected?
- Who is collecting it?
- How is it collected?
- Why is it being collected?
- How will it be used?
- Who will it be shared with?
- What will be the effect of this on the individuals concerned?
- Is the intended use likely to cause individuals to object or complain?
Here is the list of things which could help you achieve GDPR compliance on your Magento store:
- Move all your tracking to Google Tag Manager
- Add a cookie consent toolbar in either the header or the footer of your website
- Ability for individuals to remove their personal data
- Ability for individuals to opt out of subscriptions
- Ability to export personal data
- Anonymize personal data, especially data which is not being used for transactional purposes, for example data sitting in the quote table
- Update the privacy policy
- Security scan
Please have a look at the following page, which can help with GDPR compliance on a Magento store: