GDPR for Mobile Apps


I’ve been doing some reading and trying to prep my app for GDPR. Outside of encryption, privacy policies and allowing a user to access all of their information. If going forward I continue to use ad SDK’s and a user decides to enable their “right to be forgotten” does the information that has been shared have to be erased as well? Not expecting anyone to know the exact answer but would be good to get another opinion.