Any company (or person) that deals with personal data on your behalf are called a Processor (in GDPR language). Examples of processors include marketing companies, accountants, payment and delivery service providers, IT /cloud providers etc.
You have to maintain a list of your external service providers (processors), and the data they process, and conclude/review an agreement that defines the rules for handling your company’s personal data. Please note that having access to or just storing the data, equals processing from the GDPR point of view.
With every processor, you should have signed a Data processing Agreement (DPA). You can find more information about DPAs here.
