IANAL, but the UK has kept (for now) an implementation of the GDPR, and judges may opt to take into account the GDPR their law was based upon when it was drafted. However, there's no guarantee they'll consider that with too much weight, because they're no longer bound by the EU legislation. For the UK, I'd say the current state is "probably just as illegal, until the law changes, but it's not been tested in court so you may risk it".
The GDPR covers the privacy of individuals residing in the EU. That means you don't need to track which user has which nationality, you can just make decisions based on the location of your users. If you're an American company targeting American customers then you don't need to worry about Europeans passing by on their holidays. If the request comes from the EU, don't load your personal data collection code, internal or external, if you're unsure about the legality.
That said, if you don't offer any services (free or paid) to the EU and one of your customers happens to use your service on a business trip, you don't need to worry either. This mostly applies to contracts and data procession, much less to actual websites and web services reachable from anywhere, but it's an exemption that'll save a lot of data hoarding companies that track Americans, Asians, etc. through indirect means.
The GDPR covers the privacy of individuals residing in the EU. That means you don't need to track which user has which nationality, you can just make decisions based on the location of your users. If you're an American company targeting American customers then you don't need to worry about Europeans passing by on their holidays. If the request comes from the EU, don't load your personal data collection code, internal or external, if you're unsure about the legality.
That said, if you don't offer any services (free or paid) to the EU and one of your customers happens to use your service on a business trip, you don't need to worry either. This mostly applies to contracts and data procession, much less to actual websites and web services reachable from anywhere, but it's an exemption that'll save a lot of data hoarding companies that track Americans, Asians, etc. through indirect means.