The way GDPR works, I think the companies using TrustArc are more likely to be held liable than TrustArc itself. Unless TrustArc makes the unforced error of getting itself classified as a Data Controller.
> Unless TrustArc makes the unforced error of getting itself classified as a Data Controller.
Knowing how some scams and tax evasion schemes work I wouldn't be surprised if they could just set up a separate company that ends up with all the liability without any of the assets and just have that declare bankruptcy the moment the first fines hit. Rinse/Repeat as often as necessary.
Knowing how some scams and tax evasion schemes work I wouldn't be surprised if they could just set up a separate company that ends up with all the liability without any of the assets and just have that declare bankruptcy the moment the first fines hit. Rinse/Repeat as often as necessary.