I'm not saying it wouldn't be burdensome. I'm saying we should make a comparison of the key points in the GDPR versus PIPEDA to make sure that we maintain compliance to the extent possible. I'm not saying that we wholesale implement the GDPR for Canada.
I think some of the main points, about four of them, have been identified as things that need to be looked at, such as children's privacy, which is a key one. As an example, when I checked out of a Staples store, my daughter was 14 and they tried to sign her up with her email address. It was a clerk who was probably 17 or 18 years of age.
There are things that need to be tightened up in terms of our infrastructure. I don't think people are properly trained in organizations, just as they probably aren't as aware as they should be in the general public.
Certainly we should do whatever we can to try to maintain that compliance with GDPR, at least to the extent that we remain adequate. Believe me, I've dealt with situations where we tried to transfer information to the U.S. and it's really very difficult if you have to go on a company-by-company basis.