Forget all the stuff out there that says the GDPR protects EU citizens. This is a question of jurisdiction and enforcement. Say I run a blog under a business registered in the US funded by advertisers in the US. An EU citizen that comments on posts issues a GDPR request that I ignore. Their government fines me. I tell them to get bent, I am out of their jurisdiction. What can they do at that point?
To operate in the EU, a lot of larger companies (think Facebooks and Googles with offices in the EU) require their data to be kept in an EU-based data center or follow strict safe harbour rules. https://www.ftc.gov/business-guidance/privacy-security/us-eu-safe-harbor-framework
Failure to do so could mean your site can’t operate in the EU, you couldn’t sell adverts to the EU, you couldn’t collect payment from the EU, you may even have your site blocked.