If you're an explicitly US website with no operations abroad, you shouldn't even give the GDPR a second thought. And if that's the case and you also have no operations in California, you should give the CCPA the same treatment.
I am not sure about Purdue and their affiliation with their student newspaper, but many US universities have operations abroad to some extent, like a recruiting office or something.
