[JumpCrisscross]

> GDPR in the US should have the power to audit companies and ensure compliance, just like the FDA

This is wanton overregulation. All we need is strict liability for data loss. After a few years of watching cases play out in the courts, we can revisit to see if more onerous regulation is required.

[idrios]

I think auditing needs to be part of it too. Otherwise what's to stop companies from just never disclosing data loss? The way I understand it, right now companies intentionally don't look for data breaches so they can claim ignorance if anything comes to light.