Reading Time: 3 minutes The European Union’s (EU) General Data Protection Regulation (GDPR) came into force on May 25, 2018, and has implications for many Canadian organizations, particularly those controlling or processing personal information in the EU or of its EU data subjects (any person whose personal data is being collected, held or processed).