The GDPR is designed to protect the personal data of everyone who lives in the European Union. The regulation aims to create one standard for all European countries, thereby making it simpler to do business across the continent...
The GDPR is primarily concerned with a risk assessment that every company or organisation carries out for itself, not with "one size fits all" solutions. A starting point should be understanding the importance of people's right to control information about themselves, and your responsibility for making sure that this right is upheld when people use your services. Guidelines issued by the Article 29 Working Party offer examples of good and bad practices. You should find useful guidelines on the website of your national Data Protection Authority as well...
The GDPR is enforced by national Data Protection Authorities and civil courts.