That's one thing that the GDPR (General Data Protection Regulation)[0] which is in the legislative pipeline at the moment is looking to fix.
The proposals include being able to levy a fine up to €1,000,000 or up to 5% of the annual worldwide turnover (whichever is greater) if they fail to comply with EU data protection rules.
The proposals include being able to levy a fine up to €1,000,000 or up to 5% of the annual worldwide turnover (whichever is greater) if they fail to comply with EU data protection rules.
[0] https://en.wikipedia.org/wiki/General_Data_Protection_Regula....