For the GDPR to apply you must have in your possession personal data of EU citizens (regardless of where your company or the relevant data are located). According to GDPR personal Data include name, address, social security number (in Greece referred as AMKA), health records, racial info, religious and political beliefs and even relevant photos or other media.