> What happens btw if an American company just ignores GDPR but still welcomes European visitors? Why would they care about EU law?

EU claims EU law applies to US sites if a EU citizen visits it. This has yet to be tested in court though. I'm incredibly skeptical that it can be enforced.

Works the other way about piracy or drugs or anything.

It seems weird that someone doing something in another non-EU country would involve the EU at all!

If the American company doesn't sell things to European customers I don't think GDPR even applies.