zlacker

[return to "GDPR: Don't Panic"]
1. cbg0+u9 2018-05-18 09:49:52
>>grabeh+(OP)
I've been doing a bit of consulting work on the GDPR and for the most part small sites aren't going to have a lot of headache dealing with the GDPR requirements.

Typical, simplified workflow (varies):

1) Review what data you collect and why

2) Document these in an updated privacy policy along with third parties you share data with and why

3) Update all forms on your site collecting personal information

4) Update your cookie policy and the way you handle cookies; for some of these you might need consent, for some there might be exemptions

5) If you expect this to be an issue, set up automated means of handling requests pertaining to data subject rights, otherwise process them as they come via email

While some smaller sites are getting around the need for an EU rep by claiming that they are only processing data occasionally and not on a large scale (whatever that means, as it's not defined by the GDPR), there is a big problem with getting an EU rep, because, as opposed to a DPO, which doesn't have liability, your EU representative "should be subject to enforcement proceedings in the event of non-compliance by the controller or processor", making that natural or legal person liable, so you won't be able to easily outsource this.

If you have set up shop in the EU, then it's pretty easy to handle the aspect of an EU rep. Also, if you're transferring data between your EU and US offices/datacenters, you can self-certify under the Privacy Shield, starting from ~$250 per year, to not have to deal with binding corporate rules or standard contractual clauses, so that you can effectively make these transfers "safe" under the GDPR, along with various technical safeguards, of course.

2. tchock+mg 2018-05-18 11:23:19
>>cbg0+u9
Privacy Shield starts at $500 per year for the smallest company, and that’s before you contract with a mediator (lowest cost there is $50/year if you use the EU options). Unless I’m missing the option for $250/year on their website?
3. cbg0+Rg 2018-05-18 11:28:08
>>tchock+mg
I was referring to https://www.privacyshield.gov/Program-Overview where, for the single framework (EU-U.S.), for companies between $0-$5 million the yearly fee is $250. If you want to add the Swiss-U.S. Privacy Shield as well, then it's $375 per year for both.
4. tchock+ps 2018-05-18 13:29:25
>>cbg0+Rg
Thanks - I have no idea where I got the $500 number in my head. Maybe I was thinking of one of the private mediators I was researching? Sorry for questioning your initial number...