Cyber Resilience Think Tank: Planning for GDPR