How to deal with GDPR