> The GDPR is going to expose me to fines of up to 20 million Euros for even the slightest transgression
> No, the GDPR has the potential to escalate to those levels but in the spirit of the good natured enforcers at the various data protection agencies in Europe they will first warn you with a notice that you are not in compliance with the law, give you some period of time to become compliant and will - if you ignore them - fine you. That fine will be proportional to the transgression. You can of course ignore the fine and then ‘all bets are off’ but if you pay the fine and become compliant you can consider the matter closed.
What if you get warned and decide at that point to just shut the site/app/business/project down?
Or is it the case that once you begin operating under the GDPR era, you'll have to handle those "good natured" enforcement warnings, delete data, etc?
I get that I'm probably compliant, and probably wouldn't have any complaints against me. I just don't know if it's worth waiting it out to see if there's an issue, or if now is my only chance to easily not deal with it by just blocking EU users.