GDPR is General Data Protection Regulation is the regulation that requires all internet businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Non-compliance could cost companies dearly.
Every business needs to be compliant. If EU has access to your site, whether you sell products or not, you must be compliant.
I have done a bit of research, but implore you to do your own research as well. It’s your business after all.
This is one good resource in plain terms
This is a good source for quickly creating policies
There are also Plugins available for WordPress users to help with GDPR.
Check with your web site developer to pick out what is best for you.