I wouldn't get worked up about it @KuJoe, but essentially @LAwLz is correct, it's fine if the block EU users from joining, that's the other option, however if they are going to do business in the EU then they need to pay taxes and comply with EU law. You can't think about the internet as having nations in the same way as the planet does, each site can choose to be a part of any number of nations by doing business there, or to not be a part a nation, and not to do business there.
Law is hard, it's been behind with internet commerce for a very long time, and companies have taken advantage of it. When companies go to far, or things go wrong, governments have a responsibility to intervene.
The moral of the story is, if you are a part of a disruptive trending market, i.e. the internet, and you don't want to be legislated by governments around the world then you need to never allow any personal data to be stolen from yourself, any of your competitors, or any unrelated person on the internet, from Google to your local sports club, you need to act responsibly. What you don't see when you hear about GDPR is the cost of the problems not having it would bring, imagine this:
Joe Blogg's, your neighbour from down the road, he used a site to buy a PlayStation at a really great price the other day, he got it at a really good price because the company sold his data to a 3rd party, that 3rd party now has all of his contact details, perhaps his banking details, the IP address of his machine, who knows, perhaps his crappy password that he uses for everything, etc. This 3rd party is totally invested in not letting anyone know what they're up to with this data, since governments would probably get in the way and make things more difficult and expensive if they found out, so they actually don't use the data to do anything malicious, they only use it to profile you and sell that information on. A few years pass and Joe Bloggs is still using the same crappy passwords and the 3rd part is hacked/ransomwared, etc. Ignorant Joe Blogs is now robbed of a lot of money, all his accounts are stolen and sold on, imagine a steam account going on sale, a google account, a lastpass account, Dropbox, your banking details, etc.
This isn't a difficult scenario to imagine, and it happens all the time. It's very well saying, well it's impossible to stay ahead of the curve, however, it's governments responsibility to drive innovation where they see fit, they give tax breaks for certain industries, they setup cities that work well, they ensure the countries infrastructure is of a good standard, and most importantly, they make sure that their population is safe, financially, physically, mentally and socially. Governments that are not trying to do those things are short changing you, honestly, with the amount of tax you have to pay, it's daylight robbery.
I'm a British Development Operations Engineer living in Germany, I don't agree with all of what the EU government does, especially regarding the internet, however they are a fairly democratic institution, they do have the right intentions, they can just be totally ignorant when it comes to modern technology.
The TLDR version though, if a site doesn't want the hassle of providing that level of protection to their users then they don't have to do business in the EU. If that means that too much of the internet is out of reach of the EU and it has a negative effect then it might be changed back or softened, but in general it's my opinion that GDPR is a good thing, it's this load of rubbish that is going to be more of a problem.