Knowledge Challenge

A US-headquartered SaaS company sells to EU customers and stores all customer data in an AWS Frankfurt region. Their observability stack (Datadog) ingests application logs containing customer email addresses to a US data center. Their on-call engineering team is US-based and can SSH into EU production for incident response. Are they GDPR-compliant?