The maximum fines for breaking the GDPR is up to 4% of your global turn over. If it gets to that they can seize any assets in the EU, including any revenue earned in the EU up to the amount of the fine. Potentially directors can attract criminal risk by refusing to pay the fine(s), leading to an international arrest warrant. Obviously this is the most extreme case, but it is generally is easier to just comply with the law like a reasonable person.