In the short time before the GDPR goes into effect, what are the last-minute steps that companies should be taking to prepare themselves for this sea change in privacy rules? In this guest article, O’Melveny & Meyers attorneys Scott Pink, Mallory Jensen and Amanda Bradley discuss these steps and ongoing obligations for companies subject to the GDPR, including measures companies may not have thought to take, and how companies can remain vigilant and continue improving their privacy procedures after the GDPR takes effect. See also CSLR’s two-part interview with the Irish Data Commissioner: “Supervising Facebook” (April. 25, 2018); and “GDPR Enforcement Priorities” (May 2, 2018); and “A Discussion With Ireland’s Data Protection Commissioner Helen Dixon About GDPR Compliance Strategies (Part One of Two)” (Mar. 22, 2017); Part Two (Apr. 5, 2017).