That depends entirely on your company. Many companies will certainly need to take additional security precautions in terms of software and hardware; for others, these security precautions may already be in place and not too much more needs to be done. However, data protection should be taken seriously in any case. Since the entry into force of the GDPR, there are already major consequences for simply ignoring data protection. Apparently, penalties of EUR 500 – 5,000 have already been imposed for rather “minor offenses” by SMEs. More details about the risks of non-compliance with the GDPR can be found here.
The GDPR also requires data protection by default and by design, which means that appropriate technical and organizational measures must be taken to comply with the principles of the GDPR and to protect data subjects.
The GDPR is also an opportunity for many companies to minimize existing risks and position themselves in the market as a reliable partner that takes data protection seriously.