How would a company violating the GDPR, that only has a physical presence outside the EU, be punished for not cooperating or implementing the regulation properly?

Even though the GDPR aims to protect personal data of European citizens, even when the company or organizations is located outside the EU, it does not meant that EU law can (formally) be enforced outside the boundaries of Europe. There are long standing rules and norms around international jurisdiction that must be followed before regulatory agencies and courts can exercise jurisdiction over distant subjects. Therefore, the execution of decisions made by European courts and DPAs will, essentially, depend on courts and other relevant bodies in those foreign countries and will require starting separate proceedings in those countries.