Well, the GDPR isn't there to fine companies for doing the wrong thing. A company's first violation rarely results in fines or disciplinary action. In any case, I do agree that the EU seems to move quicker and act stricter than other regions in regulating big tech companies.

Of course, the point of the legislation (any legislation for that matter) is for things to be improved, not to top up the budget by catching infractions. A warning on first offense is a good principle to adapt (of course baring murder and the like)