even if you live outside of your country, you typically still are considered a resident of the country of citizenship, because to declare you a non-resident someone would have to prove that you aren't still registed as resident or don't don't have a home there any more and are not going to go back any time soon, which you could do any day.

GDPR is very clear -- EU citizens living outside the EU are NOT covered. US citizens living in EU are covered. That's not uncommon for laws; I don't get a ticket for breaking US traffic laws in the EU, or vice-versa. Very few laws reach across borders like that (taxes, some forms of child abuse, some forms of bribery, child support, arms trafficking, some types of military service, espionage, etc.).

However, as the other poster pointed out, from the perspective of a tech vendor, understanding the difference between:

- EU resident

- EU resident using a VPN in the US

- EU resident traveling in the US

- EU non-resident living in the US

For each request which comes in is practically intractable.

GDPR is also framed as a basic, universal human rights law. That also can have unintended tentacles. If you don't want a liability hole, it makes sense to honor GDPR for everyone, in practice (even if not under your ToS).

Practically, that's what everyone does. I've never had a GDPR request declined on the basis of residency (the last qualification being important).