I expect that there will be a rush to re-obtain consent from users in the last few months before GDPR kicks in. Look to Google for how this is done well.
IMO, it'll be good for the "preference center" applications and there will be an expansion in business for them. It'll be very good for consultancies on two fronts:
2. Data science - Namely, how to organise a DS operation around aggregated as opposed to personalisable data.
I guess, first of all, it depends on how serious companies will take the regulation and how strict it will be enforced by the regulator. Will we see headlines about penalties next year?
I expect consulting need for DevOps/security/law. Companies that already help out with HIPAA and the like are probably in the best position.
Our company is doing several GDPR consulting projects, with final delivery date around March. The interest from the companies on GDPR consulting has really decreased in the past months.
As an individual, you may consider a DPO (Data Protection Officer) role for several companies -- these are usually too small to have a dedicated person, but they need it according to GDPR. No formal education or certificates required, however you do need to know the law and technical things on a reasonable level.
Indeed, hopefully it won't be another cookie law, this time notifying users they need to forfeit their rights granted by the GDPR to access the site.