This would've been easier on US companies if we had our own GDPR-equivalent, which we desperately need. It could've been more sensible, yet strict enough to obtain a new safe-harbor agreement with Europe so that US companies need only comply with US law. And they would have taken it seriously before the eleventh hour.
Oh well. Interesting times! *gets popcorn*