Once everybody in the company is aware changes are coming, and that you have audited what information you hold and how you capture it, it's time to communicate.
You need to review your communication notices and put a plan in place to change them in time for GDPR. Doing this as soon as possible will help you be in compliance much sooner and avoid a last panic dash near the date.
When you collect data, you need to give people information about you, and how you will use that information you are collecting. It is standard practice to do that today with a privacy notice.
Under GDPR, you will need to provide additional information on (for instance) the lawful basis for processing the data, how long you will keep the data for, and even that individuals have the right to complain to the ICO (in the UK at least, other countries have other similar organisations) if they think you are not using the data correctly
GDPR requires this information to be provided in a concise and clear way, and that it is easy to understand.
The ICO provides a code of practice guideline reflecting the new GDPR requirements
GDPR comes into force on 25th May 2018
< 2. Information you hold 4. Individual Rights >