> If the website serves EU users and collects any personal data then it must follow GDPR.
The EU really wants you to believe this, but national sovereignty is a real thing and I’m not aware of any law under which any country will extradite their own nationals to the EU for violating EU law. In general, you are only subject to a country’s laws if you are in their jurisdiction.
If you run a website that serves EU users without following GDPR, and you’re not a business with a presence in the EU, what exactly is the EU going to do to you? Arrest you when you vacation in Europe, maybe, but if you don’t do that, it’s not like they have a China-style firewall.
The EU really wants you to believe this, but national sovereignty is a real thing and I’m not aware of any law under which any country will extradite their own nationals to the EU for violating EU law. In general, you are only subject to a country’s laws if you are in their jurisdiction.
If you run a website that serves EU users without following GDPR, and you’re not a business with a presence in the EU, what exactly is the EU going to do to you? Arrest you when you vacation in Europe, maybe, but if you don’t do that, it’s not like they have a China-style firewall.