Do the companies in question do business in the EU? And if so, do they hold any information/collect any information regarding those customers?
IE the type of business really does not matter.
If so, then, IMO, these business' have compliance issues regarding GDPR. Even if they are not doing anything with that data you would still be considered a Data Controller and need to comply with GDPR requirements.
I am not an expert on GDPR. This is just my opinion.