The tricky part.
You are not collecting (new) personal data, but you are sharing personal data. This is a tricky part within the GDPR.
You have to retroactively ask consent to your clients and tell them the purpose of sharing these data with us. If you do have consent, then it is important that you are cautious in the way of sharing this data. Don’t just email an Excel sheet full of personal data. This is sensitive information and needs to be handled with care. Make sure you use a secure way of sharing data with us. You are now the controller* of the data. This makes you responsible and you have to be compliant with the GDPR.