[downandout]

People keep saying all of this. Again, there is absolutely nothing enshrined in GDPR limiting fines, other than $10/20 million. It says they should consider some things when determining the fine. But (for example) one of the 28 countries could decide that in their country, the lowest level fines are “only” $5 million, and they go up from there based on the factors they are supposed to consider. That would still be enough to destory most businesses.

You cannot tell me that there is anything limiting the fines (other than the cap) because it isn’t written. You’re saying that you hope and think that each of the 28 governments involved here will be reasonable, but in truth you have no way of knowing, and they have every incentive to not be reasonable.

[zaarn]

I hope that my government won't do this. As a EU citizen I only have to care about the one in my country.

Again, if you think the fine you got is too heavy you can escalate this to the courts (even EU courts).

There is also no incentive for the regulatory agency to impose such fines if the business cannot pay them. In that case they would get less or even nothing as the business collapses and it has not been the modus operandi in any EU regulatory body I know or experienced.

If they aren't reasonable than the EU courts will make them reasonable or the EU will add additional paragraphs to the GDPR to prevent excessive fines. Simple as that.