Client requests either GDPR Compliance or DPF Compliance. US companies can be "exempted" from the GDPR regulations, as long as they are on the DPF program (US/EU Data Privacy Framework), which a lot of companies are. REF: https://www.dataprivacyframework.gov/s/