[snickerbockers]

Yes but only for the sake of the business conducted in that jurisdiction. The GDPR, according to the EU, applies to anybody anywhere in the world. You can have information on an EU citizen stored outside of the EU and they can fine you under GDPR. You don't even need to have ever been to an EU member state at any point in your life-they still claim to have jurisdiction over you if you have information stored on a computer they want deleted.

Most foreign extradition courts would laugh in their face for trying to use that, but if you have any assets in the EU (as most corporations inevitably will if they get big enough to go international) they can seize those as punishment for not following EU laws related to business conducted outside of the EU and that goes back to what OP tried to argue:

>if they don't break the law there's no way for the EU to collect the money

they actually can, because they can say you broke their law while conducting business outside of their jurisdiction that wasn't even illegal in the coutnry that actually had jurisdiction over that transaction.

[pseudalopex]

Collecting something of value as a condition of service is conducting business. It was decided years ago the a transaction's location is the payer's location. Collecting information with or instead of money does not change this. Moving money or information to another jurisdiction and using it there does not change this.

GDPR covers people in the EU. Not EU citizens. Non EU companies can avoid GDPR liability complying with the law or not conducting business there.

Global companies have assets in the EU because they conduct business in the EU. International companies which do not conduct business in the EU do not have assets in the EU generally. And having assets in a jurisdiction subjects you to the laws of that jurisdiction obviously.