A major U.S.-based hotel chain is facing a fine for millions of dollars related to General Data Protection Regulation (GDPR). If your company processes or stores any information related to European citizens or customers who were in Europe when they accessed your website, you may be susceptible to fines even though your company is based in the United States. If your company has no European interests, there are other data-related regulations that you might have to comply with such as HIPAA, PCI DSS, and FISMA.
Ultimately, it’s the responsibility of the business owner to ensure that their entity is complying with any and all data-related requirements. The only way to properly ensure that you are in compliance is to have a third-party assessment.