[ATsch]

There's a few aspects to this. The first is that Google Analytics is a great example, because while an individual company may not have the competency they may hire another one that does. And while previously some of these companies may have simply added analytics plugins to their site because there was no reason not to, being liable for that processing is a great deterrent.

The second aspect is that this idea of "small businesses" that you are portraying does not really reflec reality. In the anti-regulation lobbyist mythology, small business are all friendly mom and pop stores that are just trying their best. But for example Whatsapp, before it's sale to Facebook, had 55 Employees and half a billion active users. Many hedge funds count as small businesses, as do franchises. Even beyond that, there are plenty of 100-1000 employee businesses here that have more than enough data on hand to cause serious privacy violations.

The third is that violating people's privacy does not have to be for profit as it is in advertising. As the case of a local pharmacy using insurance data to send their customers Christmas cards reminds me, even the smallest business is very capable of violating privacy by treating customer data sloppily.

edit: Oh, also, we might see how big tech really feels when ad exchanges hopefully get declared illegal ;) (see https://www.iccl.ie/news/online-consent-pop-ups-used-by-goog...)