The GDPR applies wherever you are processing 'personal data' of a European Union 'data subject' (a prospect) regardless of where you are based. E.g. you can be a US company but if you are targeting (processing) EU prospect data then you are required to be GDPR compliant.
If you are based out of EU however have a target market exclusively serving Non-EU entities, then the GDPR is not applicable to you and your firm.
Here's some more info taken from the Information Commissioner's Office (the Data Protection Authority for United Kingdom - https://ico.org.uk/)
Who does the GDPR apply to?
The GDPR applies to ‘controllers’ and ‘processors’, which in the context of using hubsell are: hubsell customers, hubsell, and hubsell's sub-contractors.
A controller determines the purposes and means of processing personal data - in essence, hubsell customer (controller) defines a segment for a clear purpose for which hubsell (processor) collects & enriches (processes) data on the controllers behalf.
The processor (hubsell) is responsible for processing personal data (prospect data) on behalf of a controller (hubsell customer).
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
The GDPR places obligations on the controller to ensure your processor complies with the GDPR. hubsell does that for its customers already and we advise you on the proper use and retention of data.