That’s not entirely true. GDPR covers all forms of storing and processing PII. Wether that is a website or a desktop application, you will need to get opt in from your user to share PII with third parties.