Also outside of perhaps the EU, are there any legal enforcement mechanisms to hold them accountable for lying about it, if an audit showed that they were?

  • key@lemmy.keychat.org
    8 months ago

    Privacy Compliance audits are a thing. Usually companies will hire a firm to do the audit which will culminate in a report of any violations and recommendations. That might be taken on for a company to cover its ass or because a client company asks them to as part of a contract. There’s not usually a “punishment” for those but a contract could have a clause to that effect.

    Legal enforcement depends on the law in question. There’s a number of data privacy laws beyond GDPR, each with different investigation and enforcement actions. They definitely can result in an audit by the enforcement body with risk of stick.