From Insight to Action: Best Practices for the GDPR-Ready Organization