[mitraillet]

Your question is legitimate and I think it's like a car or any other product who are responding to a lot of laws and rules and that is new in computer development.

When there are a law/rule, you need to take it into account and so add it in your scope for the client EU and no EU, because we never know who have access to the site. And in any case, you need to mention it to your customer if your website is or not GDPR compliant because if you don't say it to your customers may be he can attack you if they have issue with the compliance.

So protect yourself and say it to your client that was not into the scope and so it's a new feature that he need to pay for