Starting on May 25, 2018, the European Union’s General Data Protection Regulation (“GDPR”) imposes data privacy and data protection requirements on entities that control or process personal data about people in the 28 member countries of the European Union (“EU”) as well as countries located in the European Economic Area (“EEA”). GDPR’s requirements apply to entities located outside of the EU who control or process the personal data of anyone who is in the EU, regardless of EU citizenship.