Note that the actual cost to Knuddels is much higher, because you also have to include the cost of implementing proper security measures. The Data Protection Officer's statement (https://www.baden-wuerttemberg.datenschutz.de/lfdi-baden-wue..., in German) states that the total cost to Knuddels is a six-figure sum.
For a larger company, it should be considerably higher.
Also, the ruling mentioned a reduced fine for cooperation and quick remediation.
This probably wouldn't play out so well with a bloated structure and process, as you mentioned.