No, big companies have the greatest business-plan, tech, and compliance debt and are slowest to change -- the bizplan debt alone can be retired rapidly only at great risk of breaching fiduciary duty to shareholders.
Neither Google nor Facebook is in compliance with GDPR. FB was busted using 2FA phone number for ad targeting. Google has been taking data for various purposes for decades and linking it all together for other purposes. These are bright-line violations of GDPR's purpose-limitation design.
Smaller companies, by contrast, can change more quickly or start with compliance by construction, as Brave has.
It's a silly slogan that GDPR only helps big incumbents. Regulation tends to help incumbents under varying degrees of regulatory capture, as in the US. Europe is different, and India, Brazil, and others jurisdictions are following suit. California's CCPA is weaker (on protected data, opt out rather than opt in, ambiguity about duress = denial of service if off-purpose data not provided, enforcement), but also in line.
Neither Google nor Facebook is in compliance with GDPR. FB was busted using 2FA phone number for ad targeting. Google has been taking data for various purposes for decades and linking it all together for other purposes. These are bright-line violations of GDPR's purpose-limitation design.
Smaller companies, by contrast, can change more quickly or start with compliance by construction, as Brave has.
It's a silly slogan that GDPR only helps big incumbents. Regulation tends to help incumbents under varying degrees of regulatory capture, as in the US. Europe is different, and India, Brazil, and others jurisdictions are following suit. California's CCPA is weaker (on protected data, opt out rather than opt in, ambiguity about duress = denial of service if off-purpose data not provided, enforcement), but also in line.