Yes, but if you reside in Spain and use a VPN with Thai exit node to access a site in Thailand you are stil residing in the EU and in turn the Thai website needs to comply with GDPR.
Through non compliance can only be enforced if the entity behind the website/app or similar does enter the EU or does business with the EU.
Through non compliance can only be enforced if the entity behind the website/app or similar does enter the EU or does business with the EU.