[Nextgrid]

There is no downside to breaching the GDPR, as demonstrated by Facebook and Google still being in business.

The fines, if they ever arrive, are merely the cost of doing business - a small tax.

[latexr]

Clearly it is not true that there are no downsides, because those companies had to change behaviours and offer more data protections as a result. The goal of GDPR is not to bankrupt companies, but to fix behaviours.

I do agree fines take too long to come and are too small.