The GDPR has set a couple of new rules for privacy policies. One of those conditions is a necessary mention that data subjects (the people whose personal data is being processed) can seek support from their local data protection authority when dealing with a data controller or processor who is not being helpful when a data subject asserts his rights with respect to the processing of his personal data.
Contact us if you would like us to review your data protection policy and make it compliant with the GDPR. We have vast experience in data protection matters. When it comes to American companies we have more than 15 years of experience in helping them establishing in Europe.