It’s meant to take on the large/multiple offenders; if they get enough complaints about 1 company and after warnings that company doesn’t change, they will fine.
they could fine without warning and IMHO they should start doing so it's the law isn't new isn't complicated to roughly get right for 99% of companies so there is no longer reason to go easy on companies which seem to very knowingly give a shit (independently of weather it actually was knowingly)
That would make it more like the US with over litigation, companies hiring people to find competitors in violation and going by the letter instead of the intent of the law. Also; the gdpr is large and complex but the intent is pretty clear; if we start to go by the letter, very many companies are unknowingly in violation but cannot afford consultants. They don’t abuse the data ; they just store too much for instance. It would be very strange if they get fined immediately; they will have 0 complaints over their existence probably, so a warning would suffice.
The companies that don’t give a shit aka ignore warnings from the overseer in their country, will get fined; small or big. It works fine.
also too little clarification for "predictable edge cases and ways companies try to circumvent" had been put in law upfront (laws some a form of comment section into which such things can be placed, most times as result of previous court decisions)
and from the resources which are available too many are bound in large companies bullshitting around by trying to delay enforcement by a very obvious misinterpretations of the law and huge legal teams/founds to delay and delay and delay
