[someguy2018]

Assuming you actually do something with your user's data -- and virtually every online business does -- then I think it is true that GDPR comes into play as soon as you have a single EU user. How you market the service is no longer relevant.

I wish it were as easy as saying the law doesn't apply if your business doesn't target EU business. Unfortunately I don't actually think it's possible to escape GDPR. Even refusing to serve all EU IP Addresses wouldn't be completely effective.

I'm sure lots of companies view this as an opportunity. Especially the big ones with experience with compliance issues, in-house counsel, etc. It's going to be tougher on the small guy.