[billconan]

How will EU enforce it? Say I run a small forum website from the States. Will they censor it if I don’t comply?

As much as I want to comply to it, I found it’s difficult to comprehend its requirements and translate them into concrete code.

[nynno]

They have the mechanisms to force (EU) law compliance, so far big enterprises (e.g., Amazon, Facebook, Google, ...) has been fined with billions of EUR, even though these companies are from the States. I believe that micro/small business, if not inside the EU, can go under the radar.

However, GDPR is so big, and it's here to stay, and my opinion is that will, in the years to come, the way how companies handled personal data, not only for EU citizens.

One interesting aspect of the GDPR is that you, for example, as a processor, must be compliant so that I, as a controller, will work with you. If you think about that, it will soon be evident that GDPR compliance can be strictly a business decision, like ISO certification.