I have a couple of questions regarding GDPR compliance:
Say I have an ecommerce website for the USA, which buys and ships (sells) goods only to and from the USA and to no other country. Does it need to be GDPR compliant?
Should I make sure I am NOT selling to a European citizen who happens to be in the USA if my business is not GDPR compliant? Thanks for the help!
GDPR Compliance
Provided you do not exchange any data with anyone outside of the USA, then you need only comply with US data protection and compliance laws.
You still should have an understanding of how your third-party associates handle data and have appropriate data-handling agreements in place.
You should, of course, have a privacy policy stating how you handle customer data.
Cheers,
Neil.