(100+ gb, over 1,000 tables)
100 GB is not large.
When doing data masking for an entire database, do you typically just focus on a small percentage of columns that need to be transformed or encrypted in some way
Masking is not encryption. Masking will not pass most audits.
As far as what you need to mask, that would be up to you. "It depends" certainly applies. In one system, we have encrypted only PII columns. Emails, names, and so forth.
In another system, we have simply masked the same data, as well as the columns that hold financial data.
What columns to mask and encrypt was not determined by the DBA's or developers, this came from the business units and auditors.
As for how long this takes, data masking does not modify the data. You simply "turn it on". Encryption, depending upon how many columns and the volume of encrypted data, varies greatly. As an example, the system were we have encrypted the users PII data is about 120 GB, the users table is about 45 GB. There are approximately 10 columns that are encrypted. Then this was implemented on out development environment, it took hours. The resources allocated to the dev box is minimal. On production, which is far more robust hardware, it took about an hour.
I guess the real question I have is what are you trying to do? What directive at your company have you been given?
And, test, test, test. This is not something trivial.