[lagadu]

You're getting downvoted because you're incorrect: it doesn't matter where a company is from, if they're conducting business with people in the EU, they're bound by it. Which is why several non-EU companies have paid fines and plenty are implementing GDPR-based privacy measures (and I speak from experience here).

[Mirioron]

Foreign companies paid fines because they still wish to operate in the EU. If they were willing to give up on that then they wouldn't have to pay anything. Eg a Chinese company could collect and abuse as much data as they wanted. Once they get caught the EU can levy fines on them, but the company can just choose not to pay, because the EU can't reach into China.

The EU can't force a foreign company to pay, just like China can't force an American company to pay. Or am I mistaken and there's some international agreement that allows the EU to force them to pay up?