I can't tell if this is a fake service or not, but blocking users from EU IP address ranges (which I'm assuming is how it works) will still not stop the EU from following a trail of data that could originate from your organization.
That's the biggest thing from the EU's GDPR rules - what is your organization's data inventory, how does it map outside of your organization, and how are you securing PII?
If a complaint is made from someone who is an EU citizen, and another organization shows logs that they got this information from your web app or service, that will trigger an audit from the EU. Blocking access to a subset of IP ranges will do absolutely nothing to stop this, and will not stop the sharks once they have smelled blood.
In a sense, the EU has plain rules that you can protect against, unlike the FTC/FDA (for HIPAA, etc.) who are vague and will not disclose how you can protect your own organization.