GDPR works the opposite of how you think it does. EU residents can claim rights under GDPR regardless of citizenship, and EU citizens in other countries are granted no protections. (I'm not sure about how it works for people whose location is transient, e.g. people on vacations.)
Companies outside of the EU can become subject to GDPR by targeting EU residents. You can always raise a complaint to the data privacy regulator for the EU country where you currently reside, and GDPR has a mechanism to forward that to the relevant authority.
Companies outside of the EU can become subject to GDPR by targeting EU residents. You can always raise a complaint to the data privacy regulator for the EU country where you currently reside, and GDPR has a mechanism to forward that to the relevant authority.