[aepc2]

Gdpr demands more of bigger organisations. Because those organizations have the capability and thus responsibility to make sure gdpr is followed. The same could be asked in this case. The big bank is better equipped to catch dirty transactions. Thus they should maybe be penalised according to size.

[cm2187]

Gdpr deals with intangible damages. What is the loss of privacy of 100 millions users worth? It's not really comparable.