Why do you think you can trust the people that handle the data just because it's illegal to do something in Europe? If the entity running the website or handling the data is outside of EU jurisdiction then they can take all of your data and there would be no repercussions for them. It's also possible that you agree in some step to having your data used or your data falls under one of the exceptions. GDPR is feel-good legislation first and foremost.
>Why do you think you can trust people not to do illegal things just because they're illegal?
It depends on how sensitive the data is and how much I trust the company. I trust my bank to handle my money because if they do something shady I can rely on the justice system. But I would not trust random websites with data I wouldn't want them to have, GDPR or no GDPR.
There's nothing stopping a Chinese website from ignoring GDPR and taking your data and selling it. You don't even have legal recourse there.
