GDPR isn’t a money making tool. The new fines should not be a business’s primary concern. What businesses should be focusing on is increasing resilience to minimise breaches.