That's option c, ignore EU law and forever give up the possibility of doing business there. The larger a company is the less likely it is to find that route palatable.
If you are taking EU citizens' data when they access your website from within the EU, then of course the EU will prosecute you for that.
Just like they will prosecute you for scamming EU citizens, for hacking EU citizens, for impersonating EU citizens, and anything else you can do to EU citizens while being located somewhere else.
Because they explicitly worded the law to threaten exactly that. It's the exact same thing the US does with the financial system. They intentionally claim extraterritorial jurisdiction; it is doubtful you would want to try calling that as a bluff.
