Tax & Compliance
GDPR + CCPA: When US Startups Become Subject to Data Privacy Laws
Collated by Aparna Devalla, CPA
Curated by Rubric Financial
When GDPR Applies to a US Startup
- GDPR applies if you process personal data of EU/EEA residents — regardless of where YOUR company is based.
- Triggers: signing your first EU enterprise customer, having any EU end users on your platform, even running marketing campaigns targeting EU residents.
- Penalties are existential: up to €20M or 4% of annual global revenue, whichever is higher. Even smaller fines (€10K-100K) for procedural violations are common.
- If you have ANY EU footprint, you need a GDPR compliance program. The good news: most of it is good privacy hygiene that helps with other regulations too.