In general within Europe, if you work with personal data, the law of the EU member state in which the company is located applies. E.g. I used to work for an international company (not Austrian) BUT because the legal seat of operations for the database was located in Austria, we had to conform to the Austrian laws on data protection, even when collecting data from people who were not residents or nationals of Austria.
I have been trying to find the official source for this but can't right now - it was an internal guideline from a company I no longer work for, quoting an EU regulation and giving the interpretation of a lawyer (a conservative, meaning cautious, interpretation).
I would assume therefore, that if your country of operation is the US, US laws re. privacy apply. However, I am NOT a lawyer!
Which leads me to my second point - exactly because the individual laws on data protection are different in each member state, and govern each intricate detail down to how you collect and store the data and who you can pass it on to, I do not really think that you can, as a lay person, ensure compliance without expert legal advice. As the laws are not only stringent but it is also possible to sue, you would want to be on the safe side. As you say, they are lengthy, technical and difficult to interpret, so I can only recommend that you get expert legal advice.
As a starting point, try http://ec.europa.eu/justice_home/fsj/privacy/...
If you read the individual articles on "Your rights as a citizen" you get a better picture.
If you google some more, use the German word - Datenschutz - it might get you furthest as the Austrian and German laws are the most stringent, I am told.