Until I understand the legal implications (ethics are subjective so I do not really care about that) of the GDPR on my website I have implemented firewall rules on my web server that block all traffic originating in the EU.
Some may think my actions are extreme. Perhaps they are. But since the regulations treat all actors the same regardless of size, I’ll err on the size of caution. I thought I lived in the USA and was subject only to those laws but ... apparently not.
I have some friends in Italy, Germany and the Netherlands who will no longer be able to visit my web site. That’s too bad.