As I wrote, it is not a problem to enforce the court's judgment. The US and the EU cooperate quite closely in many areas and will not block judgments. Anyway, this may only apply to small businesses and private parties. I think that if there is not a large data leak or customer complaint to the service provider to the court, there will be no such action from the request of Data Protection Offices. The EU will rather focus on local data administrators. Therefore, any large non-EU administrator must have a legal representative in the EU to be punished directly or give him recommendations for data protection. But every large company works on its commercial solution so do not worry about it.
phpBB as a software producer used all over the world should make the software legitimate. This is not an obligation, because no one forces you to use phpBB. This is an element of competitiveness on the market. Which software should I choose - lawful or having a legal problem?
Extensions are ok, but as I and others wrote, the extension is today, and tomorrow there is no because the author has abandoned it. That is why key elements should be in the core.
Checkbox or list of checkboxes on registering form additional text to edition - Legal agreement or consent. (Now I have done it by CPF but it is some problematical)
Checkbox or list of checkboxes on contact form with additional text to edition - Legal agreement or consent.
Deleting user account by themself, with anonymization of posts author. (There is an extension, but today is, tomorrow maybe not.)
Or other tool for anonymization. (At now I manually changing user name to anonymous and next deleting user. But maybe some data still retains in DB?)
Better account protection by using 2FA and Google Authenticator.