One year of GDPR: the key cases so far – who has suffered and who has had a lucky escape? (Part 2)