That enforcement is pretty much enough for Eu businesses to observe GDPR.
And its way more than enough for large foreign tech companies like FAANG to have obliged with it waaaaay earlier.
Enforcement generally happens upon reporting. So your garden-variety startup or corp somewhere in the US or another corner of the world is unlikely to get reported unless they start to get sufficient userbase in the Eu.
I once requested under GDPR my personal data on a well known dating app. It contained all messages ever sent as well as GPS positions for years (try it yourself). I then requested that data to be deleted permanently and they refused.
I didn't take it to court because I didn't want my dating history to be dragged out in court.
I will not dispute that we need more enforcement, but it definitely exists and helps. For example, Google recently changed their "cookies" dialogue from "More options" to "Reject all".
Agreed about Google, but not only did it tame 4 years for such an obvious breach to be corrected, but I also don’t believe they were even fined for this particular violation - they decided to start complying after the IAB consent flow ruling.
They’ve basically been allowed to willingly and maliciously breach the regulation for 4 years.
Facebook appears to still be getting away with breaching the regulation on so many levels.
The DMA and DSA will be enforced by the Commission, rather than by member states' local authorities which - hopefully - will avoid the problems we've seen with the GDPR.
GDPR changed a lot. From my own experience, European companies think much harder about what data to collect, where to store it and how to distribute it. We're not even close to 100% enforcement, but a huge step forward from where we were.
If this law only reaches 20% of what it envisions, it'll do more for consumers than other laws before.
It doesn't matter how much you ramp up the fines if there's no willingness to enforce them. GDPR's potential fines were already adequate but the actual fines given out were laughable.