Courts have discretion when deciding on penalties. This is the case for the vast majority of laws you can think of. You might argue that not having a "first-offender" concept is unfair, but that stops courts from being able to punish really egregious first offenses. It might also incentivise companies to try to work around the repeat-offender rules so they can continue to violate GDPR without any serious penalty.
> Indeed they can impose the maximum fines for a first offense, and are fully incentivized to do so
And yet they didn't when they first fined Google[1], where the fine was 50 million euros -- which was only 1% of the maximum fine they could've imposed. It's almost as if the maximum penalty is the upper ceiling and not the default.
> Indeed they can impose the maximum fines for a first offense, and are fully incentivized to do so
And yet they didn't when they first fined Google[1], where the fine was 50 million euros -- which was only 1% of the maximum fine they could've imposed. It's almost as if the maximum penalty is the upper ceiling and not the default.
[1]: https://www.itnews.com.au/news/google-cops-50m-gdpr-fine-518...