Can you think of anything that could easily be overlooked when preparing for GDPR?
"Can you think of anything that could easily be overlooked when preparing for GDPR?"
The main issue is to insert privacy sensibility into organizational processes and make GDPR a living thing in everyday activities.
In fact, many organizations can easily comply with the document side of GDPR by drafting good privacy notices and policies or updating their devices with security measures, but all the work done is frustrated if employees keep passwords under the keyboard, forget to comply with data subjects' requests, or do not update privacy notices and ask for consent when required.
Most of the fines issued by Data Protection Authorities (DPAs) concern non-compliance with the general data processing principles indicated in Article 5 GDPR (almost 44% of fines in 2019 according to European statistics on DPA decisions), security measures, and respect for data subjects' rights.
Here you can find more information:
Article 5 GDPR: https://advisera.com/gdpr/principles-relating-to-processing-of-personal-data/
Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
You can also consider enrolling in this free online training, the EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Nov 01, 2020