[NilMostChill]

GDPR works within a legal framework.

It requires investigations and evidence and it metes out fines for non-compliance, eventually.

A fine doesn't reverse stolen/hacked data, nor does it work particularly well on the megacorps who just eat it as the cost of doing business.

If there is more profit to be had than it would cost in fines then that's not a deterrent, its a tax.

Until the fines are proportionate to the offence (whatever the profit is/was + punitive percentage) it's only going to deter those who can't pay the current fixed rates.