The GDPR imposes quite a few obligations on controllers of EU particular knowledge. Some of these obligations really are a continuation of These established by the 1995 EU Directive, but others are possibly new or expanded. Businesses involved with processing personal information are divided into two classes: “controllers” and “processors.” https://www.reddit.com/user/vciso-services-in-us/comments/1ehfkvj/web_application_security_testing_in_the_usa/