That's not as easy a solution as it appears - the GDPR isn't the only piece of personal data legislation in the world. If your strategy is to keep track of all the places that place responsibilities on you for collecting personal data and reject users from those locations then, you need to be looking at every state in the USA (Californian citizens have a consitutional right to privacy), and many countries across the world have various data protection laws.
