Yes, the GDPR does apply to US websites that collect the personal data of EEA residents. Personal data includes any identifying information, such as names, contact information, and device details. Non-compliance with the GDPR could lead to fines and legal penalties, even for US websites.