by Angostura 2979 days ago
I wouldn’t bother about documentation, but I would bother about thinking about the basics: do I need all this personal information? On what legitimate basis am I collecting it? Am I storing it safely? Do I explain to people clearly how I’m using it, how they can see it, amend it or delete it?

Get the basics down, the documentation can follow. Get the basics wrong and it becomes painful.

1 comments

I agree in that the major benefit of GDPR for small companies is that you have to review and perhaps revise your processes accordingly.

However, the documentation still is required. You can create some of that later or just in case you're requested to do so, but as soon as third parties (i.e. data processors) are involved that might not be possible anymore.

At the very least you'll be very busy for a few days because such requests by relevant authorities will come attached with a somewhat tight deadline ("Please supply these documents within 2 weeks or else ...").