Yeah, but a lot of the rules around privacy and personal data make it hard to accept business from Europeans. If you are a small business or startup you might not even accept business from Europeans because navigating these rules are almost impossible.
I'm not sure how this makes sense. Functionally the rules are the same across the entire bloc and it's pretty straightforward: unless you have a legitimate reason to store the data, you need to ask for consent and the consent must be free. I want to make more money is not a legitimate reason. I have a legal requirement to fight financial fraud is a legitimate reason. Obviously the reality is more nuanced, but understanding this basic idea gets you there 95% of the way.
Just don't track users. Don't store any information you don't need, don't try to spy on them beyond what information they choose to share with you freely, and the GDPR has zero issues with you.
