We are a US-based company and we sell our services to EU companies. As part of those transactions, we collect first name, last name, email address, and phone numbers of representatives of those companies, and presumably most of these persons are EU citizens. Do we need to be compliant with the GDPR?
Answer: In order to provide a precise answer we would need some more information on the type of transactions and services provided by the US based company as well as the purpose of collection of the personal data.
If these information are lacking my first choice would be to consider that the US based company is acting as a processor and since they are dealing with a EU based controller there is high chance that GDPR would be applicable for the processing activities involving EU citizens personal data.