MassMailer is a native Salesforce Email solution that uses the SendGrid Email platform to send emails. MassMailer does not store any data outside of Salesforce. MassMailer delivers emails to SendGrid to process. SendGrid stores the email activity for a maximum of 30 days before it deletes it. SendGrid does retain some information such as the suppression list, unsubscribes, bounces, spam reports.
SendGrid is GDPR compliant as of May 25, 2018. Please note that SendGrid does not – and does not currently have plans to – use servers or data centers in the European Union to process email. Thus, SendGrid cannot restrict data to the EU. However, neither the current EU law nor the GDPR requires this. SendGrid does offer a Data Processing Addendum (DPA) to provide such adequate safeguards, which includes provisions for when GDPR goes into effect.
More info on GDPR can be found here. SendGrid's DPA can be reviewed and signed by filling out the information here.
The following is additional helpful documentation as well: