[c1ll1an]

Right b3morales - they can and should be proportionate to both size of company, revenue and the type of regulatory infraction - all of these must be evaluated but it doesn't mean we shouldn't enforce.

To take the restaurant example, a mom/pops restaurant may have less resource to bear for cleanliness and safety but if it consistently, knowingly persists in doing something that makes it's patrons ill - it is any less at fault than a chain of restaurants that does the same? The fine may be proportional to that organization - that's the goal with the GDPR's revenue % based fine format but it could/should go further for large companies that consistently fail.