GDPR is a set of rules that any company that has an 'electronic presence' in the EU must follow. It regulates how you must handle user data - like log-in data, and any other personal data of a user. It doesn't matter if your company is based within the EU, the rules can apply to businesses located outside the EU. If you have a web site that people from the EU might use, then you need to follow GDPR rules. Additionally, there are rules that are set by Germany, Russia, Italy, and California. Plus, a good number of the GDPR and other privacy rules are just good for the user ... and should be good for your business as well.
Joomla introduced some core systems that make following the GDPR much easier; however, it is not a 'plug and play' type of solution. It requires quite a bit of configuration to get GDPR compliance with the core Joomla systems. There are several Joomla extensions that have been released to make that process a bit easier, but knowing which ones to use and how to properly configure them can take some effort.
And just because you don't 'target' users in the EU doesn't mean that you aren't obligated to follow the rules. Your web site likely is accessible in the EU (and all around the world), so you need to be following those rules (unless you have intentionally blocked access from those countries*).
We can help you with that process. Because we set-up GDPR and other rules-compliant configurations on sites regularly, we can help get your site GDPR/CCPA/EUGH/etc compliant without you needing to worry about all those details. You can focus on your core business-building task list.
Get in contact with us today to find out how we can make your site compliant with the various privacy rules.
*NOTE: If your web site is hyper-local (i.e. only needing to serve your local area, or within your own country), we can set-up restrictions to block access from the EU or other countries where you don't want people to visit from.)