GDPR Update 2018
If you are in Europe, you will need not just your website but all the data you hold to be GDPR compliant. This is a big job for any organisation: it changes the way you handle data and how you gain people’s consent to your use of that data, and it significantly enhances the rights of the person whose data you hold.
There is a huge raft of documents on this, and of companies making money out of doing it for you. Start by getting to understand the requirements.
For the UK:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ (the most important thing for you to look at)
https://www.ncsc.gov.uk/smallbusiness (very useful to help explain security issues)
http://www.cfg.org.uk/resources/Publications/cfg-publications.aspx#GDPRguide (a guide for charities)
Generic, but these give you a good quick start: