The GDPR is one of the biggest bits of legislation to hit the internet and its users.

There is a lot you can do to prepare for the coming, the good news it is not being implemented as a iron fist legislation. Unlike the Sarbanes Oxley one, which scared the poop out of everyone, but actually fixed nothing. That’s the big difference between the EU and the US I guess, one creates something good for people and implements it in a controlled manner, the other makes a massive show and achieves nothing.
Guess which is which?

This legislation is being implemented as a guided hand you must comply but are not going to find yourself in court unless you blatantly ignore it. So there is no excuse not to get started. Make the first steps today.

here are some good breakdowns of what you need to look at.

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know

There is a checklist here.

https://gdprchecklist.io