We have recently counseled clients on the applicability of the GDPR to their businesses and suggested modifications to existing privacy policies. If a business (the “controller” under the GDPR) is not established in the EU, it only has to comply with the GDPR if it explicitly targets EU data subjects (people in the EU). One factor to determine whether a site targets the EU is whether the site is in a language of an EU country and that language is not the official language of the jurisdiction of the website. Another factor includes whether or not you are selling services to EU residents.
—- Intellectual Property Attorney
A legal team could help you comply if you do target those users, but you also could choose to change your business practices to avoid the application of the GDPR to your business (like not offering the website in different languages, not offering the website in these territories, or gauge the amount of sales/traffic in the EU to see if selling their is necessary at all).
IMPORTANT: Again, I am only offering information based on what I have recently learned in my own searches for preparation and actions to implement, and as such, the above is certainly not legal advice, and is more of an opinion, on how to properly prepare your own business or your own website on GDPR compliance. I hope that it is helpful to some website operators in the United States.