1. Do we require any resources from law to implement GDPR?
The GDPR (like any European Regulation) is directly applicable in the Member States and does not require transposition into national law. However, there are some topics on which Member State law can further specify GDPR requirements (e.g. legislation on video surveillance or on health and safety in the workplace), so you may need to check whether your national law imposes additional steps you must comply with.
You can find information on how to implement the GDPR and comply with your national law on the website of your national Data Protection Authority (DPA), where you will find guidance and requirements.
We developed a toolkit to help controllers implement the GDPR.
2. In addition to that, I wanted to know what the main things to consider are when we implement the GDPR.
To implement the GDPR correctly, you first need to know your business and be aware of what kind of data processing your company carries out in its activity (clients, suppliers and employees are the most common categories of individuals a company deals with). Then you need to evaluate that data processing: why are you collecting data? For which purposes? How long do you need to keep the data? Do you need all the data you are collecting? Can you carry out your activity while collecting less data? Who processes the data? Who has access to it? Is the data secured? What security measures are in place against data breaches (meaning any incident that affects the integrity, availability, reliability or confidentiality of data)?
You may find that you need to establish policies for your employees on how to process data, set up access control, and inform your data subjects, which is one of the most important parts of implementing the GDPR. You will need a privacy notice (preferably one for each category of data subjects, because the processing of your employees' data will differ from the processing of your clients' data) and procedures that allow data subjects to exercise their rights.
These are the main things to consider when implementing the GDPR; others depend on the nature of your activity (does it involve large-scale monitoring? Do you process special categories of data, such as health, sexual orientation, political opinions, or data relating to criminal convictions?), which may require a Data Protection Impact Assessment (DPIA) or the appointment of a Data Protection Officer (DPO).