Well, it seems we agree that the EU can make a law theoretically-legally affecting non-EU entities.
Can that law be enforced? That depends on whether YC has a representation in the EU, or people from YC plan to visit the EU in the future, or many other things. Maybe the EU gets creative to find other ways of enforceability. I don't intend to give a full assessment of the ways of enforcement.
Either way, it is not a nice thing to have a big jurisdiction going after you.
One can avoid the GDPR by not handling data from or about European citizens or people in the EU, and having no presence there, and actively filtering out affected people.
Can that law be enforced? That depends on whether YC has a representation in the EU, or people from YC plan to visit the EU in the future, or many other things. Maybe the EU gets creative to find other ways of enforceability. I don't intend to give a full assessment of the ways of enforcement.
Either way, it is not a nice thing to have a big jurisdiction going after you.
One can avoid the GDPR by not handling data from or about European citizens or people in the EU, and having no presence there, and actively filtering out affected people.
Or one can implement the GDPR.