This document provides hints for organizations to prepare for the General Data Protection Regulation (GDPR) in late 2016. It summarizes that controllers should understand their current data processing situation, ensure their systems provide data protection by design, verify their partners who process data, and not wait to start evaluating how to comply with GDPR requirements. The document emphasizes that while GDPR is an evolution, most controllers will need to do some work to fully meet its standards when it goes into effect in May 2018.