A few things can happen if you’re not GDPR compliant. It all depends on the circumstances and severity of the breach. If you can show that you are trying your best to be GDPR-compliant, you might get away with a less severe reaction from the authorities who will investigate your case and examine your business and processes. Good will goes a long way.
The cost of non-compliance has four levels: a warning, a reprimand, a suspension of all data-processing and finally a fine that can be up to 4% of your global annual turnover or €20 million.
As you can see, it is important to get as well prepared as possible!
Doing everything correctly for GDPR has two benefits: first, it greatly lowers the chances of a data breach occurring. Second, if a data breach occurs, all of this will probably be checked by the authorities and if your organisation is complying well, has good policies in place, etc, the fine charged, if any, is likely to be much less.