Eh. I think "break the rules and see what happens" has been a _very_ common means of GDPR 'compliance' in Europe, in general. Worked, too, at least for a while; the first fines >100million only showed up in 2022 or so.