The GDPR is wrongly cast as a mere legal obligation. Instead it sets forth principles that should inform business activity at any level, especially in IT. This is a laboratory to help people in IT better understand their role in the GDPR landscape, and what they can do to help their organisation profit from a greater respect of the fundamental rights and freedoms that Surveillance Capitalism sees as a mere resource to exploit.