"Part of GDPR is due diligence regarding your own activities as well as those of business partners and vendors, and figuring out what’s being collected, from whom and how, and then moving from there. Frequently, clients will say, 'That has no impact on me. Nothing we do touches GDPR.' After we have about a 10-minute conversation, 9 times out of 10, the answer is very different. The overriding assumption should not and cannot be that 'GDPR doesn’t apply to me.'"
Read the article here.