by ucaetano 2953 days ago
What would the regulators do? Block the service?

But that is one part which is confusing to me, from the UK ICO:

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Additionally, the GDPR does not apply to actions taken before and during the transition period (which ends now).

In this case, Instapaper does not offer goods or services to individuals in the EU. It actively blocks any user inside the EU.

Does that mean that Instapaper is no longer subject in any way to the GDPR?

In other words, if you had a company that had operations in the EU, but left the continent 2 years ago, and no longer has any activities with any EU individuals, does the GDPR suddenly apply to you?

1 comments

If you continue to hold data from EU residents, it’s somewhat likely that the GDPR applies, or that a court will decide it does some way down the line. If you employed a competent lawyer for about an hour they’d ask you why you’re storing that data if you’re never going to use it again, given the risks.
Holding the data or not is irrelevant; the tricky part is compliance.

If the GDPR applies to you, you need to hire a DPO based in Europe, as well as having an EU contact that will be responsible for any fees that you incur.

If you did business in the EU but no longer do, do you now have to hire a DPO in the EU and have a local contact responsible for any liabilities?

Managing the data is the easy part.

There’s no obvious reason why you’d have to, provided you delete all data related to EU residents.
You didn't read GDPR. Deleting isn't enough; if GDPR applies to you, you need to follow all the compliance requirements, including hiring people, providing proof of deletion if investigated, etc.