Bitlocker is backed by multiple FIPS (CMVP and CAVP) validations. Windows 10 was Common Criteria validated as well, using the CAVP validations to back up its AES, XTS, RSA, and SHS implementations.
I'm not a fancy, big-city GDPR expert, but having been a CC/FIPS evaluator, it seems to me that if the cryptographic implementations are good enough for use by the US and allied national governments then they are probably good enough for GDPR.
since there is no whitelist of products, there are two things that could very likely be cheked during a customer or government audit or if you need to present your crypto management during contract negotiation:
Key Management (ideally managed by policy)
In terms of algorithms, there's nothing wrong with Bitlocker.
Key Management is completely up to you but might screw up the best encryption if not carried out properly.