Enforcement Notice from the information regulator: what now?