The introduction of the General Data Protection Regulation requires much of both treasury departments and their banks, reports Graham Buck