[AmericanChopper]

Can you point to some case law that says EU data subjects consuming US based services will not protected by GDPR? Because one of the main points of the legislation is that the EU will use it to protect their data subjects in every jurisdiction. You’re probably right, but you won’t be able to direct me to a lawyer who would be willing to evaluate a business and determine its GDPR exposure for $0.

[adventured]

You're asking me to argue or prove a negative.

You might as well apply the same premise to US vs EU vs Chinese (vs any other country) freedom of speech laws.

It's the exact same jurisdiction premise on how rights are governed, whether we're talking about privacy or otherwise.

Just because I'm an American, that doesn't give me US freedom of speech protections when I step foot into EU countries or Brazil or China or North Korea. I'm bound by the local laws on most things, with few exceptions.

[AmericanChopper]

I’m asking you to prove a negative to demonstrate that no US company could adequately assess their exposure at present, and they certainly couldn’t do it for free.

You seem to not understand that one of the core principles of the GDPR is that the EU intend to enforce it in all jurisdictions. Which they can do without an armed invasion using trade treaties, and instruments such as the New York Convention. For any entity anywhere in the world that doesn’t do business in the EU, blocking the entire union is the most risk averse and cost sensitive option.