The process of ensuring that an organisation follows applicable laws, rules and regulations. It is an ongoing effort with constant reviews and updates. The ultimate goal is to always act as you are required or expected to.
If a controller or processor does not comply with the GDPR, it risks fines of up to 4% of its annual revenue from the preceding year or 20 million euros, whichever amount is higher.