> I don't get why so many US based websites are concerned about an EU law.
Given that they likely have paying EU customers for subscription, they operate in the EU area. Which means they can be subjected to GDPR. Enforcement would be difficult, of course, but not impossible (think of seizing credit-card payments or bank transfers for sales proceedings of printed NYT in Europe).
I don't get why so many US based websites are concerned about an EU law.