Thanks for your feedback. I have heard from some of my friends who also run small businesses that they also plan to do nothing. I think for a purely practical perspective, it's extremely unlikely that EU regulators will go small software, app or web businesses in the US – I'm sure they have bigger fish to fry. That is, unless the small business does abuse their customers data and privacy resulting in a large number of complaints to EU regulators. Still, I think almost all of GDPR is pretty reasonable and not very costly (time or money) to implement (at least to me).