These are just the basics. Determining whether GDPR applies to you is only the first step toward compliance.
Also, keep in mind that compliance with the GDPR is the closest you could get to global data privacy compliance. The US laws are the only ones (along with India, for now) that are not similar to the EU standards.
Brazil, Thailand, Canada, Australia, UK, non-EU European countries, South Africa, Mexico, and soon India as well as many others have laws similar to the GDPR and require pretty much the same stuff from your business.
So, unless you are locate din the US and target exclusively the US, consider having a GDPR-compliance privacy policy in place and a means to obtain consent for the use of cookies.
Any questions?
Cheers,
Petar