It's a race to the finish line that also affects U.S. companies with European customers. In these final moments, every company must at least show good faith in attempting to follow the law and having procedures and technology in place to do so.
Many in Europe and the U.S. view GDPR as Europe's first true data breach protection measure — in part because it requires notification of any breach within 72 hours. But they also see it as a complex and costly race to the May 25 deadline.
In many ways, the goal of the GDPR is to increase difficulty for a hacker, while also flipping the rights of data ownership back to the European consumer. U.S. companies that serve European consumers are obligated to follow the regulations.