GDPR compliant X certified

Do medical product that handle patient information need to be GDPR certified or they can just be compliant and stated as part of the QMS when obtaining regulatory approval?