The European commission issued a document on 24 January 2018, which provides a useful overview of what has been achieved so far in terms of preparing for GDPR compliance. It also sets out what is yet to be achieved by 25 May 2018.
Paragraph 3.4 of the Communication addresses the need for businesses, public administrations and other organisations processing data, to get ready for the application of the new rules.
Specifically referred to are carrying out Data Protection Impact Assessments and thorough reviews of data policy cycles, to identify the data held, for what purpose and on what legal basis. Also emphasised is the need to assess current contracts, appoint a Data Protection Officer and adopt Privacy by Design and Default principles.
For further details, see the document here.