David A. Zetoony of the law firm Bryan Cave LLP offers five real-life examples of misstatements that some of its clients has received from a company advertising services to help prepare for the GDPR, including directors are required to certify compliance with GDPR; data subjects are always required to provide their consent to processing; boards of directors are subject to criminal prosecution; boards of directors are personally liable for violations of the GDPR; and how the scope of the GDPR is not based, triggered, or bound by the citizenship of a person.
