Organisations operating outside the European Union, but employing EU citizens, must comply with the GDPR requirements. This means that the EU citizens can exercise their rights according to the GDPR, even if the company does not conduct any business within the EU.
The EU-U.S. Data Privacy Framework: A Transatlantic honeymoon for data flows, but for how long?
The European Commission concluded that the United States ensures adequate protection for personal data transferred from the EU to U.S. companies under the EU-U.S. Data Privacy