The fundamental problem with GDPR is that the European Union wants to tell the rest of the world how they have to conduct business. Not only is that inherently wrong, it's completely un-scalable. I truthfully don't believe they actually thought this through to its logical conclusion.
What happens with Scamstamistan passes a law that says if anyone else in the rest of the world doesn't respond to their scam emails that you can be fined $10,000 per scam email you're sent? Stop and think about it: We have 195 countries in the world. The idea that every single country can legally bind every single resident of every single other country is preposterous - and yet that's exactly what the EU is proposing.
Consider the impossibly complex legal quagmire it would create with 195 countries claiming everyone else has to following their laws and regulations. International commerce as we know it would grind to a halt. The cost of compliance for a small business would be prohibitive; only the very largest companies could afford the expensive legal representation needed to comply with the constantly-changing laws and regulations of 195 different countries.
It's wrong, and it's bad for commerce.
Let's be honest here: the real reason that GDPR is even a thing is that people are lazy. People enter into purchases and agreements without ever reading the terms of service or privacy policies, and then they want to blame the company for their own personal negligence. That's what GDPR is about. It's about enabling people to avoid personal responsibility.
We completely respect the right of a people to govern themselves - and that includes ourselves. Just as we respect the right of European Residents to pass laws and regulations about how commerce is to be done inside their borders, we have this exact same right to decide how commerce will be done inside ours.