There are NO GDPR issues
with RB2B.

When we say “We are US-only, so GDPR doesn't apply”, some people have
follow-up questions.

Here’s an overview of how RB2B DOESN’T relate to GDPR:

1. RB2B is a US technology that fires on US soil, resolving US data subjects

In other words, we don’t have any product or service that is directed to the EU or UK, in a manner that might even theoretically subject our services to the GDPR (or UK GDPR).  

There are perhaps theoretical edge cases where our customers might themselves be subject to the GDPR -- like perhaps (by way of example) if a French travel company was specifically targeting Americans for travel to Paris – but that’s something the customer would generally know, e.g., if they are a French company.

2. Aren’t you collecting EU IP addresses to know when to fire your script?


That data collection is incidental and not tied to any product or other data.  

The relevant point is that we don’t actually do anything with any data that happens to come from the EU/UK.  

In other words (in GDPR terms), we don’t have an “establishment” in Europe/UK because we don’t engage in “the effective and real exercise of activities through stable arrangements,” i.e., commercial arrangements.  No EU/UK data is involved, at all, in the products and services that we offer.

3. What about an EU citizen living in or traveling to the US and visiting my site?


Our database is designed to exclude personally identifiable information (e.g., emails, phone numbers) of EU or UK residents – regardless where they are at a given moment.  

That is not information that we license into our database, and thus it is not information we would license out.  

While it is not inconceivable that there may be rare instances where our suppliers inadvertently provide information of an  EU or UK resident (for instance, a personal with dual residency, etc.), our services themselves are not directed to include that information, or marketed as doing so.  

Thus, we avoid being a service directed to the EU/UK that is subject to the GPDR and similar laws.

[Note -- This is basically moot because we don't have the email addresses anyway]

4. I’m a multinational company and/or have offices in the EU. What about me?

Our customers generally use our US data for US-directed products and services, which thus avoids the application of the GDPR.  

If you are marketing EU or UK-specific products, based on the EU or UK, then you may wish to consult an attorney regarding whether the GDPR applies to you, as that is a tricky concept and may be fact-specific

TAKEAWAY

Slack channels are not a great place to learn about compliance.

You should consult an actual privacy attorney if you want the truth about RB2B as it relates to GDPR.

(I am not a lawyer - so this does not constitute legal advice. But you should show this to your privacy attorney and have them opine.)

Feel free to email support@rb2b.com with any questions.

Grow Your Agency
With RB2B.

Improve Retention, Recurring Revenue, and Customer Acquisition.