However, EU GDPR legislation permits the EU to do whatever it can to go after noncompliant sites in any jurisdiction. The legislation also requires all new trade agreements between the EU and other countries to be GDPR-compliant. The legislation permits them to go after "noncompliant" sites for 4% of worldwide revenue. So it's quite brutally extraterritorial by design.
The interpretation of the regulation does not require large fines for small infractions by non-EU-focused sites, and indeed the regulators presently work to be eminently reasonable about such things, but the lines are fuzzy and the interpretation could change without further legislation — and even if you could defend yourself against such a case, it may be ruinous anyway.