I am in the US too, and this is definitely (100% certain) not right.Not a lawyer either but can guarantee this doesn't affect barely anyone outside of a small jurisdiction in the EU.
For some reason the reaction from several here seems to be to assume that they can't do this to us or that it doesn't apply to most of us.
Do some research. They can do this, US companies are spending big bucks to get prepared, and it applies to many of us (virtually all of us who are making money from our forums).
What is likely true is that most of us are too small to attract attention. But I'd like to have the tools necessary to not have to rely on luck to avoid trouble.
This is a good brief article to get started on learning about the GPDR: http://www.computerweekly.com/news/450296306/10-key-facts-businesses-need-to-note-about-the-GDPR
Some quotes worth noting:
"This means that any company that works with information relating to EU citizens will have to comply with the requirements of the GDPR, making it the first global data protection law."
"The GDPR considers any data that can be used to identify an individual as personal data. It includes, for the first time, things such as genetic, mental, cultural, economic or social information."
"The GDPR does away with the criterion of number of employees and focuses instead on what organisations do with personal information."
That is just the tip of the iceberg.