For something as simple as PIN entry you could place the code in a read-only area of memory at the boot vector so it got called every time the battery was replaced, a bit like the unlock codes used on car stereos. Not sure about Canon DSLRs but many devices already have such a read-only area so a bootloader can still be used to 'unbrick' a failed firmware update.
GPS would be a bit more problematic, unlike a smartphone that normally has an active SIM / Internet connection the camera doesn't, and trying to actively attach to open WiFi access points could be legally questionable.
Good EXIF serial tracking like the site gmrza pointed out would be a good step foward, especially if a few major players like Facebook and Google got on board with providing data. They could always just report back the number of 'hits' on a certain serial number after the date stolen and only provide more detailed information to law enforcement to protect privacy.