Actually when reading up more on it, it looks like you don’t have to be in the EU at all.

If I understand it correctly, the GDPR applies to any company that does business in the EU and it doesn’t even matter where the data subject is located or which country they are a citizen in. So even if you’re from the US, you should be able to make a valid GDPR request.