
How do I stay GDPR compliant with multi-account ops?

GDPR applies when you process personal data of EU residents, regardless of where you operate. Multi-account operations often involve collecting names, emails, IPs, and behavioral data across accounts.

Compliance requirements:

1) Legal basis — identify your legal basis for processing. Legitimate interest works for competitive intelligence and market research. Consent is required if you contact individuals directly.
2) Data minimization — collect only what you need. If you are scraping publicly available business data, you do not need to collect personal identifiers.
3) Right to erasure — you must delete personal data upon request. Maintain records of what data you hold and where.
4) Data protection impact assessment (DPIA) — required for large-scale profiling or systematic monitoring. If your operations fall into these categories, document risks and mitigations.
5) Data storage — store personal data in the EU or in countries with adequacy decisions. Encrypt at rest and in transit.

Best practices: avoid collecting personal data when business data suffices, maintain a data inventory, implement deletion workflows, document your processing activities, and consult a data protection officer if operating at scale.
