[niko001]

When you make a reasonable effort to block access to EU users, EU citizens aren't covered under GDPR if they happen to access your site from a non-EU country temporarily:

"This won't apply to every U.S. business — just the ones that are knowingly, and actively, conducting business in the EU. In this vein, EU courts have the discretionary ability to determine if a U.S. company was purposely collecting EU resident data and subverting GDPR compliance. So, in some cases, the inadvertent collection of personal data will be forgiven if it is found to have been occasional and "unlikely to result in a risk to the rights and freedoms of natural persons."

(from https://community.spiceworks.com/topic/2007530-how-the-eu-ca... )