I just received a Microsoft marketing email "Prepare for the General Data Protection Regulation" and it occurred to me that this might be the first time smaller U.S. businesses or organizations become aware of this new regulation. A distribution list like Microsoft, or Apple, could create a unified awareness in the U.S. of such a regulation more than newspapers or blog entries, television, or business journals. My experience is that many small U.S. entities are unaware of this far-reaching regulation and are unprepared for the impact to their business.
So welcome newcomers to the world of GDPR. I always open my blog entries on this topic the caveats that I am not "Certified" in "Data Protection" , nor am I a lawyer specializing in data protection or contracts. We at Vizzy Solutions and Dirty Data Girl operate as "data processors" in the GDPR classification system. Caveat aside, the Regulation Article 28 does make it a processor's responsibility to "assist the controller..." And it is at this moment exactly where my concern for smaller U.S. companies comes in. If you're asking yourself "What is a controller?" right now, that should indicate to you how far behind you are in being prepared to respond to this globally affecting regulation which becomes enforceable May 25, 2018.