""Some companies may realize it’s better to just extend GDPR protections to all their customers, period, rather than one one policy for European citizens and one policy for the rest of the world," says Richard Forno, a cyber security researcher and the Assistant Director of UMBC's Center for Cybersecurity. "
"It remains to be seen how much the rest of the world will benefit from GDPR rules, but there are likely "some rights that companies couldn’t contain to Europeans even if they tried," says Yana Welinder, a fellow at the Center for Internet and Society at Stanford Law School. "For example, companies will now have to notify a European agency if they had a personal data breach within 72 hours of a breach. If the breach exposes users to high risk, the company also needs to notify users directly.""
""Companies are still struggling to provide the tools to help users," says Woodrow Hartzog, a law and computer science researcher at Northeastern University and the author of Privacy’s Blueprint: The Battle to Control the Design of New Technologies. "It's not as though the day after the GDPR comes into effect, all of our privacy problems are going to magically go away.""