How to solve the 'hidden layers of data' problem at the heart of GDPR compliance