GDPR: enough or too much privacy for IoT?