Judging by the volume of sales people contacting me at work, I would bet a substantial number of companies have not even begun GDPR compliance until at least Q2 2018.

Yeah, but how many are just US-based without an office in the EU or a real presence in the EU? ICANN is an international organization with a regional office in the EU and an engagement center, with EU customers representing a big chunk of sales/revenue. There's really no excuse for ICANN, whereas if you're a SASS company based in the US, which may have 10% of revenue coming from the EU, it's more understandable.

You still have to implement it in case you are visited by EU national (even if that is just a person visiting the site without intention to buy) - as you shouldn't log EU personal data without permission. Even if you filter out European IP addresses you have to consider that EU national can be visiting from the US for example and you still cannot log without permission.