Large corporations are not the only businesses governed by Europe’s GDPR, which became effective last month. Small and mid-sized businesses also are subject to its provisions. The regulation applies to the processing of personal data of individuals in the EU by an individual, a company or an organization engaged in professional or commercial activities