GDPR and SMEs – The Implications of Change