Sorry if the title is a bit confusing. I'll try to rephrase: GDPR obviously improves transparency and protective services in global service providers/vendors that involve users in the EU. I can see how transparency about data management would benefit all end users (both those that reside in the EU and those that don't). But does GDPR require companies to protect non-EU user data using the exact same measures as if the user resided in the EU?
I'd like to think that as a US-based user of a global company, I'm receiving the same exact rights as EU users under the protection of GDPR (because it would be difficult/risky/silly for a company to try to lessen security for some regions) but I'm not so sure. Could a company technically place some regional data at more risk while still adhering to GDPR guidelines?