They can 'opt out' in that way for customer data but they'll still need to conform for their employee data ( and that of potential [CVs] or ex-employees [Personnel Records] ).
We hired a full time GDPR person to manage it where I work. Thankfully, with nearly 400 employees, we're big enough to absorb the cost. Could be a very different story for many smaller companies.