I think that you would store some data just to do business with someone (name, address, email address, etc.), so it is a bit trickier dealing with EU laws when being in the USA and not keeping up to date with their laws. Not a deal breaker from a technical perspective... but something to be mindful of, and most people would not realize that it is not as straightforward as one would think to do business with anyone in the EU.
Once you store the data... then you are obligated to come up with ways to delete the data, and have an auditing mechanism showing that you have deleted their data if they ask you to. Either way, it is just additional overhead that someone has to think of when doing business in the EU that, if they are from the US, they would not think about.
Some of the examples in the link:
"We used to sell online training to the EU.
We’re a small business based in the US. We sell consulting & training for Microsoft SQL Server.
You wouldn’t think that would be a big deal – but you’d be surprised. For example, students send us information about their databases all the time as part of asking questions – and they often send it unsolicited, through unencrypted email channels. That information ends up all over the place: our mail server, our desktops, phones, laptops, search indexes, etc. I’m not really worried about us maintaining the confidentiality of that data, but now we’d have to add in new audit-able tracking.
See, under the GDPR, if someone asks us to delete their data, we not only have to delete it, but we have to audit that we deleted it, and maintain those records for EU authorities. And then respond to EU requests for that documentation."