Tailoring Taint Analysis to GDPR