Companies are making changes left and right to comply with GDPR, but the real headache is understanding the impact of all those changes.