I’m looking for a link that would confirm if we need to comply with GDPR or not. We’re strictly a US-based business with no presence, customers, prospects, or marketing in the EU.
The gray area is that occasionally someone from outside the US will find our website and fill out a contact form to get one of our ebooks. When that happens, we just delete the record.
A few people in the company are claiming we can be fined by the EU anyway. I’m looking for a reliable source that can tell me one way or the other. Thanks!
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
It seems quite clear you don’t offer goods and services to EU nationals, but if you are collecting data about site visitors - e.g. via Google Analytics - you might need to review that.