As GDPR fades into memory, so does its allocation in IT budgets