In the world of the GDPR, the government that enforces and fines you as a business, violates the very regulation it aims to fine. For instance, many Dutch municipalities still have such a poor data security policy and practices.
In the world of the GDPR, we know that fines can be very high and the allocation of the fine can be arbitrary. In other words, many organisations are formally violating the GDPR but only a few are fined. Arguably, the GDPR regime could be compared to a lottery where some businesses get the ‘prize’ and others do not. For instance, British Airways is now facing a record fine of 183 million Great British Pounds for last year’s breach of its security systems, while many others did not get fines or warnings.