The GDPR is a broad document covering a range of topics related to privacy and security. Sadly, I do not have Joomla extensions to offer solutions to all of the problems posed by this regulation.
This list of considerations will give you an idea of the coverage provided by RicheyWeb extensions as they relate to GDPR.
The "Fields - Terms of Service" extension can be used to achieve compliance with mandatory consent requirements during registration (items which cannot be declined). Standard Joomla custom fields (checkbox, checkboxes, radio, list, etc) can be used to obtain consent or non-consent for non-essential functionality on your site.
Additionally, the "System - Required Fields" plugin can be used to force users to accept NEW terms after registration. Using this plugin, you can force users to their profile edit page where they cannot leave until required terms are agreed to.
Various Joomla security tools can detect and notify on breaches. It is unlikely that you would want these extensions to notify users directly, so this is a task that must be scrutinized and handled by a human to avoid notification of false positives. The GDPR has specific requirements for notification. You have 72 hours to notify affected users after becoming aware of a breach.
This requirement should NOT be automated with software.
Right to Access
This portion of the regulation requires that users be notified when their data is being used in any processing. The "User - Profile History" plugin can be used to notify users if their data has been altered, along with how and by whom. This is as detailed as I can be with user data, as there is no way for me to detect processing that occurs outside of Joomla or in other Joomla extensions. Joomla provides a mechanism I can use to monitor user changes, so your responsibility to notify users of any additional processing still remains.
Right to be Forgotten
Some Joomla extensions exist to achieve user self-deletion, but these extensions often have problems because of the flexibility of Joomla. It may be impossible to identify all of the possible locations of user data due to the myriad of 3rd party extensions that exist. It might be best to contract a developer to create a solution specific to your site and data structure.
* extension in development
This is an interesting requirement in that it's possible to code, but has similar issues to the "Right to be Forgotten" in that data can be in many places. I may try to build a solution to this requirement.
* extension in development
Privacy by Design
This has everything to do with your site security. If you're not familiar or proficient in securing websites, you may want to hire a professional to assist you.
Data Protection Officers
This is a can of worms. You may want your legal council to review the requirements and make a recommendation as the regulations vary depending on which EU member state the organization resides.