Customers are data controllers in their own right, it is up to you to be compliant and we are unable to give you legal advice around how to comply.

We can suggest that you go to the relevant Data Protection Authority website to read the guidance they have created. A list of Regulators can be found here. The ICO (UK Regulator) has also lot of helpful guides covering all aspects of GDPR.