Fines need to be significant relative to revenue, not profit. Otherwise, they become a “cost of doing business.” A punishment isn’t a punishment unless it hurts.

Doesn't this just affect low margin businesses more then?

Should management of personal information be standard or offered at premium?

I'm not sure what your question is getting at, but if I owned a business, a fine proportional to the profit that I would otherwise receive would hurt equally for a low margin business and a high margin business.

That’s the point: if you can’t profit off my personal data while simultaneously protecting it as a “low margin,” your business doesn’t need to exist. Fines relative to revenue hurt every business a lot, which is how it should be. A massive data breach should be cause for going out of business, not “oh, we’re taking X% of your profits this year, but we totally trust you to do better next year.”

I don't agree with your point at all. A high margin business should then be able to get away with massive data breaches compared to a low margin business going bust? It's not about fairness, it's about actually achieving your goals.