Guest
Compliance of U.S. company dealing with B2B customers
We are a US-based company and we sell our services to EU companies. As part of those transactions, we collect first name, last name, email address, and phone numbers of representatives of those companies, and presumably most of these persons are EU citizens. Do we need to be compliant with the GDPR?
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Dejan Kosutic
Nov 07, 2017
Answer: In order to provide a precise answer we would need some more information on the type of transactions and services provided by the US based company as well as the purpose of collection of the personal data.
If these information are lacking my first choice would be to consider that the US based company is acting as a processor and since they are dealing with a EU based controller there is high chance that GDPR would be applicable for the processing activities involving EU citizens personal data.
See also this article: EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
Comment as guest or Sign in
Nov 07, 2017
Nov 07, 2017
Nov 07, 2017