GDPR Compliance in US


GDPR Compliance in US: A Detailed Overview

The GDPR (General Data Protection Regulation) governs personal information, defined as any data that can identify a person, called a "data subject." Organizations covered by it must comply with data subjects' wishes on how their data gets processed and maintain records of how this processing happens. The GDPR is intended to give EU citizens more authority over the personal data that organizations gather, access and store.

So if you own a company in the United States and wish to comply with the General Data Protection Regulation, it is best to hire a professional attorney who can help you with your GDPR compliance.

Does the General Data Protection Regulation (GDPR) Apply to US Citizens?

The GDPR (General Data Protection Regulation) protects the details of anyone in the EU (European Union). Thus, when a US resident lives in an EU nation, the GDPR will apply to that person's information when a business gathers it.

In addition, the term "personal data" under the GDPR is considerably more comprehensive than in most US compliance regulations, which tend only to guard data used to perpetrate fraud. The GDPR can also apply to businesses running in the United States because it has extraterritorial reach, meaning it can apply outside the EU (European Union), including in the United States. Since the regulation is meant to guard European users, it can extend to foreign enterprises, too.

Still, numerous national and state-level privacy laws in the United States of America offer similar protections. For example, the California Consumer Privacy Act (CCPA) and California Privacy Protection Act (CalOPPA) govern the collection of "personally identifiable data" from any individual living in the state of California (which includes any California citizens who are EU residents).

Furthermore, the Children's Online Privacy Protection Act (COPPA) regulates the use, supply, and distribution of data belonging to any minor under the age of 13, regardless of nationality, so long as they stay in the US (United States) when their information is gathered.

What are the Most Crucial GDPR Prerequisites for US Businesses?

Any private or public sector business that supplies or processes personal data concerning EU (European Union) citizens must comply with the General Data Protection Regulation, even if it does not have a physical existence within the EU. The essential prerequisites are as follows:

  • Controllers: They determine the objectives and standards of processing individual data. They must execute reasonable technical and administrative steps to ensure and confirm that personal data processing is performed following the General Data Protection Regulation.
  • Processors: They process private information on the recorded instructions of a controller. Processors can be internal bodies that keep and process individual data records or an outsourcing company that fulfills all or part of those actions.

Besides, the GDPR holds both processors and controllers accountable for breaches of its requirements. Thus, your business and a data processing associate, such as a cloud service provider, will be accountable for penalties and other liabilities under the GDPR, even if the blame is entirely on the part of your processing associate. So to ensure you never have to pay hefty penalties for non-compliance, you must hire a professional attorney who can help you remain fully compliant with the GDPR laws applicable in the US.

GDPR Compliance Rules for US Companies

For your US company to comply with the GDPR (General Data Protection Regulation), here are some steps it must follow:

  • Maintain a Lawful Basis: The GDPR (General Data Protection Regulation) requires that you have at least one legal ground for processing individual data.
  • Ensure it's Opt-in Permission: While United States regulations generally allow the processing and collecting of private data without the user's permission, the GDPR demands that you gather "freely shared, explicit, informed and unambiguous" consent through an evident "opt-in" action.
  • Designate a Data Protection Officer (DPO): If a company is based outside the European Union, you may require a European agent to guarantee that your business complies with the GDPR. Nevertheless, a DPO (Data Protection Officer) appointment is optional.
  • Maintain Unambiguous Documents/Proof of Consent: The General Data Protection Regulation also gives users a specific right to withdraw permission, and it must be as effortless to withdraw permission as it is to give it. Since consent is a fundamental issue under the General Data Protection Regulation, you must record and maintain clear documentation of that consent.
  • Make Legally Mandated Disclosures Via your Privacy Regulation: This information should comprise who is processing the information, the user's rights regarding their data, and how they can use these privileges.
  • Guarantee that you can Safely Transmit EU Data: Under the General Data Protection Regulation (GDPR), you can only transmit EU resident data beyond the European Economic Area when specific data protections are fulfilled.

Requirements for Data Processing Contracts in the United States

The General Data Protection Regulation mandates that processors and controllers enter into a legally binding contract when a controller employs a processor to process private information on its behalf. In addition, controllers must only use processors that deliver adequate guarantees of appropriate technical and administrative steps to comply with the GDPR. These steps should be outlined in the company's data security guidelines.

In addition, Article 28 of the GDPR describes what must be incorporated in a Data Processing Agreement between a data processor and data controller. First, it must comprise the following information:

  • The subject matter, nature, duration, and objective of the data processing.
  • Prerequisites and privileges of the controller.
  • The kind of private data being processed.
  • Classifications of data subjects whose confidential information is being processed.

Furthermore, the contract must comprise the following conditions:

  • The processor takes all steps required by Article 32, including executing reasonable technological and administrative measures to guard confidential data from the controller.
  • The processor will use private data obtained from the controller only on recorded instructions of the controller (unless mandated by law to process private data without such prerequisites).
  • The processor guarantees that any individual processing private data is subject to the responsibility of confidentiality.
  • Any sub-processors must comply with the same data protection prerequisites as the processor, and the processor stays directly accountable to the controller for the sub-processors' compliance with their data protection provisions.
  • The processor receives documented consent for any sub-processors it may hire to process the private data obtained from the controller. Moreover, if the controller delivers public written consent for hiring sub-processors, the controller must be entitled to object in advance to each person the processor proposes to employ.
  • The processor helps the controller by executing reasonable technological and administrative efforts to reply to requests from data subjects under the GDPR.

Moreover, when your US-based organization is a part of a global corporation established in the European Union, and you regularly obtain data from your EU companions about EU residents, you are subject to regulations that control these data transmissions between nations.

In a nutshell, unlike industry-specific United States compliance laws like GLBA for finance or HIPAA for medicine, the GDPR is a public data privacy law that applies to all companies, public and private, that gather or process the private data of EU citizens. That implies many US businesses are also subject to the GDPR law.

At ContractsCounsel, we are a team of expert legal professionals, and our team of competent attorneys can help you remain compliant with all the GDPR statutes applicable to US companies. So why wait? Call our professional lawyers today and make your business fully GDPR compliant.
