Well, no. To start with, it's pretty obvious that a database of email or physical addresses, or credit card numbers, is going to be sensitive information, so much of that process can be automated.
"The big deal is unstructured information. It requires context," Garber said.
HPE, like a number of other companies, already has software tools that can make this kind of assessment, looking out for clues in email or other records that indicate the presence of credit card or bank account numbers and the like.
On Thursday, HPE began explicitly packaging some of its existing tools as solutions to particular GDPR compliance tasks, a move that will simplify matters for worried customers -- and perhaps bring HPE a little extra revenue in the run-up to 2018.
Its Personal Data Assessment tool will automatically identify information that falls under GDPR rules, while Secure Content Management will apply the appropriate policies to the data once assessed. It even has a Litigation Readiness and Response tool for dealing with investigations and lawsuits.
The portfolio is modular, leaving companies free to pick and choose whether to buy some elements elsewhere or to roll their own regulatory response.
Whoever businesses intend to hand the GDPR compliance tasks to, Garber thinks they should start right away.
"Many of these solutions will take some time to set up," he said.
And with a potential €20 million fine riding on the outcome, "If they wait until 2018 to switch the technology on, it will be too late," he said.
Sign up for CIO Asia eNewsletters.