I am not a lawyer, etc. But I have dealt with EU privacy issues with products my team developed and spent a lot of time discussing the issues with both US and EU lawyers.Keep in mind that I look at things from the viewpoint of a multi-national corporation with products disseminated in close to every country on the planet and wants to keep it that way. I retired several years ago, so my info is not current, although I try to keep up.
This is just my impression, but I think email discussion forums may be in for a rough ride. I suggest we all keep our eyes open and be prepared for some tough decisions. From discussions I have listened in on, I believe it is quite possible that the GDPR may require that every single post from a member be removed on the member's request. That may include quotations in other posts. Statements of non-compliance in click-through TOSs are often shaky in court.
All this will be subject to interpretation and no one knows how it will turn out. As far as jurisdiction is concerned, I doubt that US Marshals are likely to put any groups.io group owners on planes to Brussels, but I do think that group owners who refuse to cooperate might find that they have problems traveling to the EU or might see interference in their finances in EU institutions. These are only possibilities, but I take them seriously. The future is notoriously hard to predict.
What am I doing now? Basically, nothing. Responding to a full-on request to delete a member's entire history will be tough and I hope it does not happen. At the moment, I don't see any reasonable way to prepare for it. Investing in half-cocked preparation for legal interpretations that may or may not materialize is seldom a winning strategy, but putting a little thought into what could be done if decisions don't go our way is often worth the trouble. For example, putting some thought (NOT code for heaven's sake) into ways of segregating member's quoted material for easy removal might be a good way to spend an idle moment. I would also keep in mind that good faith efforts to comply are often rewarded.
I think Mark has to worry about where data is stored, but I have an impression that will not be difficult. The cloud storage providers have been thinking about that for a decade at least.
I hope these observations are helpful, but they are only speculation.
Best, Marv Waschke