Breaking the law can also make you a lot of money. OP probably refers to "the cost of doing business", with the implication that sometimes breaking the law and paying all the associated costs (compliance officers, lawyers, lawsuits, and fines) still amounts to less than the profit made from breaking that law.
I find it very hard to assume good faith behind the question. GDPR certainly made things better but it's by no means a cure all because enforcement is slow and relatively weak. You can take https://noyb.eu as a very good resource for this.
Some excerpts:
> Microsoft's Xandr grants GDPR rights at a rate of 0%
> Norwegian court confirms € 5.7 million fine for Grindr
> Meta ignores the users’ right to easily withdraw consent
> Streaming service DAZN took almost five years to answer a simple access request
> First major fine (€ 1 million) for using Google Analytics
> Spotify fined € 5 Million for GDPR violation
> € 1.2 billion fine against Meta over EU-US data transfers
Laws whose enforcement is lacking or compliance would be against their business model are routinely ignored. See the GDPR as an example.