There are way more elements that could be added to this checklist, and you need to work with your internal experts and external advisors to come up with a list customized for your needs. For example, you may need to design data protection impact assessments, appoint a data protection officer, manage and review marketing and other company communication practices, and revisit your vendor management and contracting processes.
Mapping out your data processing activities gives you a solid basis and a big advantage for any subsequent GDPR compliance question that you may encounter.
You will find below some additional resources that we rely on and find helpful, and we hope they will be useful for you too.
Start with the source: The full legal text of the GDPR.
The Data Protection Directive is described here.
There is a Data Protection Authority (DPA) in each EU State. Some of them publish wonderful guidelines on the GDPR implementation. Check them here.
Article 29: An advisory body made up of a representative from the DPA of each EU Member State. The best guideline is the most recent one. You can find the WP29 Newsroom here.