Disclaimer: This is not legal advice.<p>Blocking EU visitors by IP doesn’t eliminate the need to comply with GDPR, because GDPR jurisdiction isn’t based on where the service thinks think the user is (whether from IP geocoding or another source).<p>If an EU resident is using a VPN, or using an IP that incorrectly geocodes to a non-EU country, or behind a private corporate network and NAT that egresses traffic in a non-EU country, GDPR still applies. Any site with more than trivial traffic will have some users with those characteristics.<p>Experts debate whether explicitly requiring users to confirm that they aren’t in the EU - say, a country dropdown - is even a solution. If an EU resident visitor lies, they may well still be protected by GDPR (and the EU is large enough for enforcement to matter even if a site doesn't have an EU presence).