These fines aren’t something you’re responsible for paying by merely being breached. These are imposed for misconduct in data handling.
It’s not very hard to handle customer data in a legally compliant way; that’s why you don’t see companies deciding against retaining data.
You can do everything right and still have a data breach, and in that case nobody is fining you.