Under the provisions of the US Patriot Act, the personal data of your customers based in the EU can be shared with US law enforcers without those customers being informed, even though this conflicts with EU data protection laws. The Patriot Act applies not just to a business owned by a US company but also to any business using the services of a US subsidiary for data processing or a data centre located in the US.
The Patriot Act
The Patriot Act gives US law enforcement authorities the right to access personal data held by you, regardless of where in the world the data is stored. The Act also gives US law enforcers the right to prevent you from informing your customers that you have had to hand over personal data.
Conflict with EU Data Protection Laws
If the Patriot Act applies to you, you should have procedures and measures in place to deal with any requests for information under the Patriot Act. These procedures need to be set out clearly in your terms of business or privacy statement, bearing in mind your obligation to comply with this particular US law.