GDPR: Don’t bury your head in the sand