The GDPR applies to all organizations operating in the EU or those processing “personal identifiable data” of EU residents. Personal data is any information that is personally identifiable of a living individual, such as a name, an identification number, location data, or an online identifier. A more complete definition can be found here.
What this means is, if your business is based in the EU, or processes the data of EU citizens, you need to do everything you can to comply with GDPR. Businesses need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis.
Here is some information about how Crunchbase has prepared for GDPR compliance.