So, given that there's no DPA in the US (as far as I'm aware, there are also none in China, India, Australia, etc.), how would the GDPR be enforced against an entity with no physical presence in the EU?
On paper it can’t.
In practice, since the EU expects EU entities to essentially mandate GDPR compliance from their non-EU partners in order to be compliant, it’s pretty simple, at least for ecommerce.
PayPal could tell you you must comply to accept payments from the EU, and likely in the same manner they handle everything, which means no guidance, benchmarks or clear directions, and it would be up to you to figure it out.
By PayPal I don’t mean just PayPal but any other payment processor or service provider which you are dependent on.