I was really wondering that as well. Can we be held accountable?
It would be nice if the GDPR had a piece about “if a company refuses sales, even if they accidentally happen, the company isn’t liable” and/or “blocking EU IPs or redirecting to a no sale page is sufficient to avoid compliance”.