During this transition period, which runs until the end of December 2020, it will be business as usual for data protection and compliance according to the ICO.
What should you be doing right now?
You’ll want to designate someone to lead on GDPR compliance.
If you’re a one-person business, that’ll be you.
You need to disclose how and why you collect personal data, how long it is retained, and who it is shared with.
With Drupal, WordPress and WooCommerce, you also need to consider how plugins and services your website uses affect customer privacy.
Work out how you will respond to Right of Access and Right to Erasure requests.
There are some helpful new personal data export tools coming to WordPress and WooCommerce, and in Drupal too, but you need a plan for how you will handle requests from website visitors relating to their data.
Plan for the worst, and know what to do in case of a hack security breach.
No one wants this to happen, but preparing for this worst case scenario is part of your privacy responsibility under the GDPR.