GDPR applies to all organizations that offer goods or services to customers within and out of EU and companies with 250 + employees. Most marketers are the ones who collect customer data. They are more responsible for any communication in case of a data breach. So it is the Marketing department which should be ready to enforce GDPR.