By Corey Gildart (July 6, 2018, 12:30 PM EDT) -- EU General Data Protection Regulation[1] protections and remedies are intended and necessary so that personal data may move as freely[2] within the EU as the citizens therein. The regulation thus concentrates considerably on personal data transfer between national authorities of member states. This poses a myriad of interpretive issues, not the least of which is the distribution of responsibility and liability between U.S. data processing vendors and the global client organizations through whom they work. Privacy professionals would be prudent to assume that both controllers and processors[3] will be jointly and severally liable for any infractions,[4] and should consequently frame compliance programs with the full consideration of unintended obligations and vulnerabilities cascading from the regulation's explicitly enumerated duties....