Re: I think I got sth better
"what were they doing with your data prior to that in the first place so they cannot make themselves GDPR compliant" …...
More likely they have done a risk assessment and concluded your business is not valuable enough to them to mitigate any risk of GDPR penalties. If only 0.1% of your profit comes from EU folks its hard to justify spending much money on compliance and if you do it on the cheap there is always the risk of mistakes leading to costly fines.
Biting the hand that feeds IT
