Indeed, Alan Pelz-Sharpe, founder of consulting firm Deep Analysis, said the Amazon GDPR fine shows a seriousness from the EU to regulate big tech not just for data breaches, but for data privacy practices.

“GDPR was designed to protect personally identifiable information [PII] and ensure data privacy; it’s not limited to simply pulling data out of a jurisdiction without consent or in suffering a data leak,” he said. “It is about how you make use of PII, not just how and where you store it. That’s important and something all the big tech firms should have … already been aware of.”