I work for a company that doesn't take privacy laws very seriously. As far as I can tell, they're woefully unprepared for GDPR and don't seem to care very much.
My tasks mainly consist of software development and maintenance, with some degree of systems administration, data analysis, and reporting. I regularly come into contact with user data (including plain-text passwords).
Am I in any way personally at risk?
To what degree is "I was just doing what I was told" a valid defense (nothing is in writing, though)?
If I quit my job before GDPR applies, do I escape any such liability from that employment?