GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach