Congratulations on your store launch 
Have a look through 25 Ultimate Security Checks and Habits for Magento 2. I don’t think #22 is required anymore because of the new tool in #23.
Also, GDPR requires you to run Penetration Tests. There are different types on “Pen Tests” that evaluate your security/vulnerabilities (both online and offline). I don’t know that much about it all as I don’t really deal with that kind of stuff right now.
My limited research on the topic leads me to believe that you have to hire an accredited consultancy firm who test and evaluate your site/business both online and work premises. This is required several times per year, which can work out quite pricey.
Some useful links include: