Once GDPR applicability is determined, a host of significant responsibilities apply to US Controllers and Processors of the personal data of EU data subjects. The duties extend to the data subject, to the EU and its supervising authority, and between Controllers and Processors. Significant adjustments may be required on both the security and informational sides of Controller and Processor technology to comply with the notice and subject response obligations imposed on Controllers and Processors. The security-by-design concepts of the regulation will expose many gaps in current processing capacity. GDPR compliance management will become an administrative function in covered businesses whether or not they operate at a level requiring data processing assessments or designation of a DPO. Companies that resist compliance risk not just enforcement but loss of business relationships with customers obliged to comply.