My 2 cents (so not enough to get you coffee at Starbucks): I think a lot of companies are taking a we don't know if you're in the EU or not approach, we're asking you to opt-in or opt-out or telling you what our privacy notice is across the board/protecting your privacy because it's easier to deal across the board than try to sort out EU etc. Heck, I've gotten privacy notices from multi-national firms as well as domestic firms, small-time book authors, local shops, etc.

BTW - for those unfamiliar w/ GDPR:

"What is the 'General Data Protection Regulation (GDPR)'

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018."