[takeitto]

The internet doesn't know, but e-commerce/data business pretty darn well knows where their customers/users are situated.

The old web was mostly static websites. We spoke of visitors. The new web is app-ified/interactive, walled off to logged-in agreement-abiding geolocated users, and even a single logged-out "visit" broadcasts this to 100s of trackers who will remember your every move online.

[eli]

Odds are whatever you were using on the old web to measure visitors would be a data processing activity under GDPR.

[ForHackernews]

If you aren't collecting and storing PII, you have nothing to fear from the GDPR. Even if you are, you're fine as long as you only collect what you legitimately need to offer your services.

[brassattax]

including targeted advertising campaigns?

[ForHackernews]

IANAL, but if your company is a targeted marketing company (think Groupon) and users sign up explicitly to get sent offers, then you're probably in the clear. If your company offers some other service, but you also want to sell your users' data for targeted marketing, the GDPR requires you ask for and get real consent.