Click & Pledge has many privacy and reporting policies in place. We believe we are GDPR compliant. However, we are reviewing the regulations in depth and will make any adjustments if necessary.
With regards to your donors, you need to show them that your organization is GDPR compliant. As a payment service provider, Click & Pledge is a "dis-interested third party" with respect to your donors.

EU donors will be expecting your organization to provide them with: "Informed Consent", "Right to Access", "Right to Erasure" and "Data Portability" for personal information that you collect and retain.
Click & Pledge helps facilitate these requirements with tools for reporting and a new feature to "Delete contact information" from donor transactions. We are also working to provide you with more information to help you define your policies to conform with GDPR where necessary.

For a quick overview of GDPR see https://www.eugdpr.org/the-regulation.html
As you tailor your policies and privacy notice to conform to the regulation, you can get more in depth information from https://gdpr-info.eu/ . This site is laid out by chapter and article with a lot of detail.
Also, feel free to view our recent Facebook Live segment on Security. We cover some high level GDPR information toward the end. https://clickandpledge.com/live-broa...live-security/