you're saying that blocking eu ip is insufficient. so you can, at leisure, forcibly subject anyone to attack by gdpr, against their will, by circumventing their access controls.

the only way for all businesses around the world to avoid abuse and subjugation to eu regulators, who they cannot influence, is to not exist at all?