The high-level view of what GDPR expects your business to do:
1. Get explicit permission to collect user data.
2. Disclose how that data will be used.
3. Offer a mechanism for users to withdraw or change that data.
4. Pay stiff penalties if you violate rules 1 through 3—no matter where your business is based.
Does This Affect My Small Business?
The short answer is yes, probably. If your website could collect data from an EU citizen—an email signup for your newsletter, a credit card order for a t-shirt—you need to double-check that your business is compliant. Not only will compliance keep you on the right side of the law, it will also demonstrate to your domestic clients that you value their privacy.