Hmm. I actually said that because that's what the GDPR training that I was forced to undertake by my employer taught me. That being said, reading the reguglation now shows me that was a misunderstanding.
That being said it wouldn't require the EU to create laws which have jurisdiction above the US supreme court - if a company has any activity within Europe the European courts can act. There are other examples - for example UK libel law allows people under certain circumstances to sue for libel in the UK even if both parties are not UK citizens and the libel itself occurred outside the UK. Another example is the US CFTC which claims jurisdiction over all swaps transactions even if both parties are non-US and the swap itself happened outside the US.
What you are describing in the case of the GDPR would be like a US company - Facebook for example - being regulated by the GDPR. But while Facebook is in the US the data someone in the EU is creating is inside the EU, so it doesn't really matter if Facebook is targeting EU citizens or not since the data is not (at first at least) in the US and transferring it there is illegal if it doesn't follow the GDPR. That being said I'm aware that there are situations where a country will punish something happening elsewhere but it still isn't reaching outside its borders. If the EU want to punish Mark Zuckerberg it cannot touch him or his assets unless they are inside the EU without the cooperation of the local court or government. That was the reason Privacy Shield got overturned.
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELE...
That being said it wouldn't require the EU to create laws which have jurisdiction above the US supreme court - if a company has any activity within Europe the European courts can act. There are other examples - for example UK libel law allows people under certain circumstances to sue for libel in the UK even if both parties are not UK citizens and the libel itself occurred outside the UK. Another example is the US CFTC which claims jurisdiction over all swaps transactions even if both parties are non-US and the swap itself happened outside the US.