I think that's correct; and I suspect it was intentional.

I strongly disapprove of extraterritorial legislation (a US specialty). But in the case of the GDPR, if you want to regulate internet activity, then you more-or-less have to go extraterritorial.