[Bumerang]

Speaking from experience -- GDPR is a huge issue basically for everyone in the Financial sector (banks, insurance, etc.) and projects to address that started two years or one year ago. Now they are usually rolling their solution into production.

Our company is doing several GDPR consulting projects, with final delivery date around March. The interest from the companies on GDPR consulting has really decreased in the past months.

As an individual, you may consider a DPO (Data Protection Officer) role for several companies -- these are usually too small to have a dedicated person, but they need it according to GDPR. No formal education or certificates required, however you do need to know the law and technical things on a reasonable level.