[dingaling]

> IIRC, the law applies to euro citizens both living in country and abroad.

GDPR doesn't mention citizenship, it applies to any Data Subject who is a 'natural person'. The scope is stated as 'whatever their nationality or place of residence' which is universal.

So just blocking EU residents is not enough, one would have to also ensure that no other data is processed (1) within any country implementing GDPR or (2) anywhere in the world if you have a controller in the EU, his role being a sort of GDPR proxy.

Even saying 'within EU' is actually inadequate; the Isle of Man has implemented GDPR but isn't in the EU and there are probably other examples.