GDPR protection for the uninformed
Richard Kranendonk
This morning I stumbled upon this beauty in a Reddit post: GDPR shield. User Greatbytes, whom I suspect to be the owner, advertises the GDPR shield 'solution' as follows:
"While I love the EU's new data privacy regulation from a user's perspective, it's a nightmare for businesses to achieve compliance, because of the (sometimes intentionally) vague language of the law. And even if you pay an experienced lawyer to draft the policies and procedures required by GDPR, there's a very real residual risk of predatory law firms collecting penalties from mass-mailed cease-and-desist letters based on technicalities. Even if your business isn't located within the EU, you are required to comply with GDPR because the location of the user matters.
I've built a tool that blocks users who are trying to access your website from within the EU as a short-cut to compliance, which makes sense if your business isn't reliant on EU users and you don't want to spend thousands in legal fees to achieve GDPR compliance."
This scam, for that's what it is, preys on the fear, uncertainty and doubt that the GDPR instills in people who trust hearsay instead of their own intelligence. The GDPR is not aimed at websites that accidentally attract people from the EU, but at organisations explicitly targeting their activities at EU territory: Article 3(2) covers controllers outside the EU only insofar as they offer goods or services to people in the EU or monitor their behaviour, and Recital 23 states that the mere accessibility of a website from the EU is not enough to establish such an intention. And I suspect the German owner of the GDPR Shield website, a learned Doctor from Düsseldorf, knows this very well, considering the first paragraph on the site contains the following sentence:
If you aren't targeting EU users, simply use GDPR Shield to block all traffic from the EU.
The simple fact is that if you aren't targeting EU users, you don't need GDPR Shield. And if you are, you don't want GDPR Shield: blocking by IP geolocation does not change what you are doing with the data of the EU users who still reach you (through a VPN, a proxy, or a misclassified address), so it buys no compliance at all. GDPR Shield is a solution to a problem nobody has. Plans start at $9 a month.