No one’s ready for GDPR; The Verge, May 22, 2018

Sarah Jeong, The Verge; No one’s ready for GDPR

"The General Data Protection Regulation will go into effect on May 25th, and no one is ready — not the companies and not even the regulators...

GDPR is only supposed to apply to the EU and EU residents, but because so many companies do business in Europe, the American technology industry is scrambling to become GDPR compliant. Still, even though GDPR’s big debut is bound to be messy, the regulation marks a sea change in how data is handled across the world. Americans outside of Europe can’t make data subject access requests, and they can’t demand that their data be deleted. But GDPR compliance is going to have spillover effects for them anyway. The breach notification requirement, especially, is more stringent than anything in the US. The hope is that as companies and regulatory bodies settle into the flow of things, the heightened privacy protections of GDPR will become business as usual. In the meantime, it’s just a mad scramble to keep up."