Every webserver and web application has to deal with personal data. Either logins, names etc. or even IP addresses in logfiles or maybe even anti-spam plugins, analytics systems as well as cookies and social media buttons.
What is your site doing with all that data and what does the new General Data protection Regulation mean for your website or hosting company?