I'm unfortunately able to find it, but I was pretty sure a lot of the restrictions around doing business in the EU require a certain $ amount transacted or web traffic. Citation definitely needed but that would make sense, as it's how a lot of laws are written.
This might be about the digital services act or digital markets act. GDPR doesn't discriminate even between large businesses and individual consumers.
Of course, a data protection authority will look at the circumstances, and the GDPR is 80% common sense, 15% communicating better what you do with people's data, and 5% required boilerplate that makes every privacy policy so redundant and dull and long that nobody reads it - but the point it, it does apply, as do most laws. Only when it's about monopoly positions that might disrupt the market, then exceptions are generally in place to protect newcomers that promote competition (or perhaps if you run a communications network only for friends noncommercially you might not be required to make it tap-able).
