...
Any organisation that processes personal data needs to have a legal justification for doing so. Personal data is defined in GDPR as "information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; ."
There are 6 use-cases in which you can share personal data within the EU. These remain the same from the pre-GDPR Directive and within the GDPR (Article 6).
...