Not yet GDPR compliant? Here’s how to minimize your organization’s risk