I thought I'd post this here as it's an excellent post that is relevant to all of us in the EU:
Marketing implications of the new EU General Data Protection Regulation (GDPR)
This part in particular jumped out at me. While I'm not a legal eagle, I kind of read it to believe that if there were a breach CM side (and I have every faith in their security so I'm sure this is ever so unlikely), it sounds like they need to make a commitment to us of letting us know about a breach? I'm not sure, however... if someone could clue me in on here that would be good :)
"For example, all contract renewals and new contracts that entail personal data transfer or processing will need to have a clause in them that effectively says that once the new EU Regulation is passed, the third party has to supply to you within a set time frame its plans to become compliant with the GDPR.
Furthermore, you might need to re-negotiate the third party contract based upon those plans, due to cost and liability issues.
For example, we know there’ll be a statutory requirement to declare a data breach within a very short time frame, so the third party will need a formal process to tell you that they believe there’s a breach and this is what you have to report."
This only applies in Europe, right?