I sell (memberships to my website) using Paypal and Stripe to take payments.
As I understand it, PSPs are entitled to process personal data "to ensure the performance of a contract", as long as data is
* processed legally and appropriately and with a clear view of how the information will be used;
* collected for specified, explicit and legitimate purposes;
* relevant and limited to the respective purposes;
* accurate and kept up to date;
* retained for no longer than is necessary for the relevant purposes;
* only processed if kept appropriately secure.
As Paypal and Stripe will be regarded as Processors, I need to:
i) ensure that they are complying with GDPR
ii) have a written contract with each of them setting out obligations, etc.
Stripe has a comprehensive page on GDPR and states that they are working to comply and update contracts:
[stripe.com...]
I've searched Paypal and find no statement of GDPR compliance as yet, but after much searching I found this, which also takes effect on 25th May and seems to embody GDPR without actually mentioning GDPR!
[paypal.com...]
There is also the update to the Privacy Policy to take effect on 25th May mentioned above.
I guess I will just have to hope that both Stripe and Paypal will come up with some means of getting a "written contract" before 25th May.