On Sat, 26 May 2018, Seth Mattinen wrote:
Actually, GDPR specifically requires processors to include statements of compliance right in their contracts; we also strongly recommend that controllers insist on indemnification clauses in their contracts with processors, because if the processor screws up and there is a breach, the_controller_ can also be held liable, and the financial penalties in GDPR are very stiff. Good luck getting multiple millions worth of fines out of small businesses
On 5/24/18 4:21 PM, Anne P. Mitchell Esq. wrote: that never even touch a million a year in revenue, let alone the added expenses of trying to do all the crap GDPR thinks everyone can suddenly afford out of nowhere.
I imagine small businesses who do a small percentage of revenue to EU citizens will simply decide to do zero percentage of revenue to EU citizens. The risk is simply too great. -Dan