On Sat, 26 May 2018, Seth Mattinen wrote:
On 5/24/18 4:21 PM, Anne P. Mitchell Esq. wrote:
Actually, GDPR specifically requires processors to include statements of
compliance right in their contracts; we also strongly recommend that
controllers insist on indemnification clauses in their contracts with
processors, because if the processor screws up and there is a breach,
the _controller_ can also be held liable, and the financial penalties in
GDPR are very stiff.
Good luck getting multiple millions worth of fines out of small businesses
that never even touch a million a year in revenue, let alone the added
expenses of trying to do all the crap GDPR thinks everyone can suddenly
afford out of nowhere.
I imagine small businesses who do a small percentage of revenue to EU
citizens will simply decide to do zero percentage of revenue to EU
citizens. The risk is simply too great.
-Dan