The BBC recently updated their T&Cs to be more transparent and the RNLI did a great job in using 'Consent' as the lawful basis for processing their mailing list, but I believe they are still making changes to prepare for May 2018. I have done 90% of what I need to do for my company, and the SMEs I am working with on GDPR have made changes. I doubt any company will say 'we have got it right and this is how we did it' until the end of May 2018. Maybe 4N could put up details about what they have done - that may have already happened and I have missed it.
The ICO's 12 steps document gives you the steps to follow, but how you do them depends on the types of personal data you hold and what you do with it ('processing'). For example, I don't have an email mailing list so I don't need to spend any time to confirm I know why everyone is on the list - which will probably be on the basis of 'Consent' or 'Legitimate Interest'.
Getting ready for GDPR is a bit like driving a car. You may have been doing it for years but then some slightly different driving rules come out. The GDPR isn't that different from the Data Protection Act (DPA), but most people don't really follow the DPA so end up driving at 40 miles an hour in a 30 mile an hour zone. You need to read the new rules and decide what needs to change. You could decide to do nothing, or very little, and hope that you will not be caught. Or you could use a GDPR Driving Instructor (someone like me) to take you through the process, including the emergency stop where you check that your 4-5 steps to deal with data breaches will work.