1) Don’t think about users’ privacy from the start. 2) Ignore GDPR until the enforcement deadline. 3) Panic and shut down EU until you find something to do.