Forget all the stuff out there that says the GDPR protects EU citizens. This is a question of jurisdiction and enforcement. Say I run a blog under a business registered in the US funded by advertisers in the US. A EU citizen that comments on posts issues a GDPR request that I ignore. Their government fines me. I tell them to get bent, I am out of their jurisdiction. What can they do at that point?
So if you suspect a us entity violating your EU right aka gdpr you can make a complaint to your city's data protection agency or directly via the EU complaints for cases outside your country ( inside and outside EU)
They will take care of it and make sure that you don't need to travel to another country for court stuff and more ( if needed in most cases you don't)
Usually it gets regulated in a way that you can go to a court in your city and the enemy in his city.
So all in all the us wants the EU market and vice versa so both agreed to a treaty to honor the rules of each other
The Trans-Atlantic Data Privacy Framework (and subsequent executive orders) protect the EU citizens from misuse of their data by US law enforcement and intelligence communities.
They do not give EU citizens any rights concerning data held only by private companies, apart from the rights all Americans already have.
It is implemented via executive order which courts don't have to honor. All it means is LE agencies have to take action. Courts are free to ignore the EO and dismiss any charges or civil suits. A treaty is a different story.