EU will presumably stop you from doing business in the EU, if you break EU laws and ignore judgments. Companies don't want that. Grindr LLC, a US company with no EU corporate presence as far as I know, was fined 6.5 million for breaching GDPR by an Oslo Court, upheld in appeals. They paid that fine. If they didn't, they'd probably be kicked out of the app stores from Norway (if not from all of EU). Apple and Google do have an EU presence. Even if they didn't, they wouldn't start a war over 23andMe.
We generally don't need to worry about EU judgments against US companies being enforced, or vice versa. It doesn't get far enough that we need to think about how it's going to be enforced as a practical matter.
You really think they are getting access to their data and looking for some German dude’s data in every server they have?
At most 23andMe gets some 250 item questionnaire that some poor soul with a red stapler in a basement has to answer, some middle manager puts a signature on it, sends it saying “yeah we good” and that’s it. Unless there is enough noise for someone to sue, no one is looking at that shit hard enough.
Even if they are, 6.5 million in fines is chump change.
Filling out some form won't help if someone finds out they're not doing what they said they will do. The data protection agencies will sue if they find that out. And they did find out that Grindr was selling data it wasn't allowed to.
Fines are scaled according to revenue. That's the reason for the monumental fines leveled at Google and Facebook. They don't mess around.
I believe Grindr's fine was just based on their revenue from Norwegian users. Probably plenty hurtful enough to make them implement data protection in the jurisdictions which demand it.
Fines are based on a number of things; the type of data (PII or Article-9-PII), number of people affected, amount of data, previous violations, and as far as I know also the country issuing the fine. 6.5M might be a small fine by some standards, but if fined and nothing improves the fine is likely to be a lot higher the next time around.
We generally don't need to worry about EU judgments against US companies being enforced, or vice versa. It doesn't get far enough that we need to think about how it's going to be enforced as a practical matter.