GDPR is EU law as of May 25, 2018 and there are potentially very large fines for organizations who suffer a data breach. GDPR applies to all organizations who process personal data for EU citizens, regardless of which country the organization operates in. Yes, that means American businesses, too.
I have had the privilege of being a SHARE Board Member for over five years. In that time, I have seen the association make a great deal of progress, which I think is important to reflect on here with you our members.