
It is pretty easy to run into trouble with user accounts due to privacy regulations like Europe's GDPR. This stuff is definitely not fun in a side project.


The EU is definitely one of the more difficult, less free places for building online. I haven't heard of them coming down on small side projects, though. It would be crazy, given the goals of fostering more of an entrepreneurial tech scene, but I guess it's possible.

Even in China, which is definitely hard mode for established businesses, many hobby projects stay informal and aren't really cracked down on. My first tech job was at a startup in Beijing 11 years ago and we went through some serious hassle to get an ICP and initially just targeted the foreign market due to the lower compliance overhead. That said, none of my personal sites or games were ever blocked, as far as I know. I knew some friends that built apps on WeChat and got fairly far before formalizing.


For a small project, I would simply ignore the GDPR. The likelihood of getting fined for a tiny project is too small vs. killing it by overcomplicating it.


Where I can, I'll sidestep GDPR (and CCPA and Australian Privacy Act and whatever) problems by explicitly avoiding collecting data that might fall foul of that.

Make "user accounts" effectively anonymous. Don't collect email addresses or phone numbers or names. Just use cookies with GUIDs or autogenerated usernames like the default Reddit ones (without allowing people to put their own name or other PII in). Maybe let the user keep refreshing until they get a random username they don't hate, but it'll end up being something like "Abrasive-teapot-86" and never $walletName or $emailAddress. If you need to let people move accounts between devices/browsers, let them grab their GUID and call it "secret account key" and tell them never to share it. Also let them know there's no such thing as "resetting their password" and to store that secret account key if they want to be able to recover a "lost" account.

You can't _always_ get away with that. But if you can, it saves a lot of headaches.
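One way to implement the anonymous-account scheme from the comment above, as an added example that is not code from the post. It assumes an in-memory account table and constructed word lists, uses a random URL-safe token in place of a GUID as the "secret account key", and stores only the key's hash server-side so a database leak does not hand out working keys.

```python
import hashlib
import secrets
from typing import Optional

# Constructed word lists; a real deployment would use larger ones.
ADJECTIVES = ["Abrasive", "Quiet", "Brisk", "Velvet", "Sturdy"]
NOUNS = ["teapot", "otter", "lantern", "compass", "kettle"]

# In-memory stand-in for the server-side account table: key-hash -> record.
# The raw secret key is never stored, only its hash (assumption: treat the
# key like a password so a database leak does not expose valid keys).
ACCOUNTS: dict = {}


def random_username() -> str:
    """Build an auto-generated, PII-free handle such as 'Abrasive-teapot-86'."""
    return f"{secrets.choice(ADJECTIVES)}-{secrets.choice(NOUNS)}-{secrets.randbelow(100)}"


def key_hash(secret_key: str) -> str:
    """Index accounts by the SHA-256 of the secret key, never the key itself."""
    return hashlib.sha256(secret_key.encode()).hexdigest()


def create_account() -> tuple:
    """Create an anonymous account and return (secret_key, username).

    The secret key is the only credential: show it to the user once and
    tell them there is no reset. The server keeps only its hash.
    """
    secret_key = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
    username = random_username()
    ACCOUNTS[key_hash(secret_key)] = {"username": username}
    return secret_key, username


def reroll_username(secret_key: str) -> str:
    """Let the holder of the key refresh their generated username."""
    record = ACCOUNTS[key_hash(secret_key)]
    record["username"] = random_username()
    return record["username"]


def recover_account(secret_key: str) -> Optional[str]:
    """Log in from a new device with the key; None if the key is unknown."""
    record = ACCOUNTS.get(key_hash(secret_key))
    return record["username"] if record else None
```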



