Good luck trying your luck with international law.
"You may be wondering how the European Union will enforce a law in territory it does not control. The fact is, foreign governments help other countries enforce their laws through mutual assistance treaties and other mechanisms all the time. GDPR Article 50 addresses this question directly. So far, the EU’s reach has not been tested, but no doubt data protection authorities are exploring their options on a case-by-case basis."
The EU could certainly stop them from doing business there. Beyond that, you can't be sure they could collect fines. It may depend on the technical details of what the fines are about, and how big they are. America has human rights that privacy regulations like California's CCPA are careful to waltz around.
If at all, then only as long as they're conducting their business with EU customers entirely from the US. As soon as they're putting servers in a colo in the EU, there's something that EU authorities could confiscate to cover outstanding fines.
You cannot conduct business in the EU unless you have a VAT number issued by any of the member (still 28) states. You cannot sell anything in the EU w/o VAT, it'd be illegal. The company =must= pay the collected VAT to the respective member state(s).
So they have to register in the EU to conduct business (and issue VAT receipts). This requires some assets and people to be responsible.
The only way to conduct business outside is small shipments (less than 22e) that would be free of VAT and customs clearance.