In three months, the EU’s General Data Protection Regulation (GDPR), one of the strictest privacy laws in the world, will go into effect. It will apply to companies that collect or process personal data of EU residents, regardless of whether the company is physically located in the EU. Companies that violate the law will be