Indeed. The regulation allows for pretty stiff fines I believe, so with fines this small for companies whose entire business model is persanal data (e.g. Google and Facebook but not an airline or retail chain) the math should be "How large should the fine be in order for it to cost MORE for this company, than actually complying".
Complying with the GDPR isn't "free". It's like these companies belive "oh we can't possibly comply with that because it would hurt our bottom line!".
Give it some time. H&M got a €35mio fine in November 2020 for a document from 2014 stored in a network drive that contained employees personal data. If you do not comply, the more you wait the more risky that becomes.
Complying with the GDPR isn't "free". It's like these companies belive "oh we can't possibly comply with that because it would hurt our bottom line!".