Short answer. It depends but ordinarily … NO!
IANAL but the information in this Compliance Junction article seems legit. Two staff members from Pivoti covered PCI DSS and GDPR at last nights ( and at times contentious) GDPR and Privacy Event of the New Jersey Chapter of the ISC2.
So … hey Europeans. If you come to the USA and shop at the small local shops in my town, don’t expect you’re EU legal rights to be respected. The local coffee shop which has no presence in the EU and has no website that sells/service EU citizens is not subject to GDPR. If you are a local business, the local business association or chamber of commerce in your town may be the best place to get help. EU laws do NOT apply to natural persons or US only businesses doing business in the USA.

The primary determining factor is the location of the individual when considering whether GDPR rules apply. Any business or organization that processes the data of people living within the EU, no matter where the group is located, should comply with the GDPR stipulations or face being fined for non-compliance.

Chris Aldrich and David Shanske, I think that you will be happy to know that Webmentions should meet the intentions of the GDPR if:

they have a privacy policy in place that lists articulates the information their website collects,
if they disable any sort of analytics,
and have a way to remove/anonymise IP addresses in their database and logs,
provide a way for users to remove ordinary comments (or move those to Disqus) since Webmentions already support deletion.

I am leaning toward using the open-source Isso on this website.