In short, every company, organization and individual thare are processing or controlling datasets of their customers or website visitors will be covered by the GDPR. So it will affect any business that does have customers who reside in the EU.
In order to be GDPR-compliant, companies must handle customer data with the utmost care. But that alone is not enough, customers have to be provided with tools to control, edit and also delete any information pertaining to them. Furthermore, any data that is handled has to be protected, meaning that anonymization and encryption are two important aspects that come into play. Another very important factor is that customers have to be asked for their consent explicitly, before their data is collected and processed. That includes that you have to ask separately for every single intended purpose you want to use customer data for.