That sounds nice in theory, but in a global setting, how will it really work?
Per GP comment, there is a whole tech stack of N providers, each piece made or running in a different country, pushing data to servers in another country, which data is bought by interests in a third country, for M destinations. Then you get the providers who intentionally don't store data in GDPR countries specifically so they can avoid these rules. Look at what Uber already does to skirt the authorities. So you have at least MxN countries possibly involved or whatever. If your data is released, it'll rattle around in a pachinko machine of jurisdiction debate for years against well funded, malicious corporations.
It doesn't seem like any rule is enforceable in practice.
If a company even stores a record of a single EU citizen, the GDPR applies to it, and the EU has the right to seize the assets of the company for the purpose of enforcing it.
If you were to only offer your service in North America, but someone from the EU comes over to North America on vacation, and somehow becomes recorded in your service.
It'll work for the big, entrenched companies like Facebook who couldn't bear to be without its UK customers, for example. But I don't see the EU successfully going after every little dot-com startup from Alabama to Angola, many of them in jurisdictions that barely have a functioning legal system, let alone respect for EU law.
If such extraterritorial enforcement was actually possible, there would be no 419 scammers.
Per GP comment, there is a whole tech stack of N providers, each piece made or running in a different country, pushing data to servers in another country, which data is bought by interests in a third country, for M destinations. Then you get the providers who intentionally don't store data in GDPR countries specifically so they can avoid these rules. Look at what Uber already does to skirt the authorities. So you have at least MxN countries possibly involved or whatever. If your data is released, it'll rattle around in a pachinko machine of jurisdiction debate for years against well funded, malicious corporations.
It doesn't seem like any rule is enforceable in practice.