A review of what the GDPR is and what an expected fine is according to the law itself, this is exactly what you would expect to see. Its maximum penalty is related to the company's annual, worldwide revenue.
> The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR. These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.
(emphasis theirs, well, bold not italics, but yeah.)
Meta/Facebook/WhatsApp was fined about 2.4 billion (6 out of top 10 fines), but still nowhere near close to the maximum (which would be about 54 billion).
From https://gdpr.eu/fines/:
> The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR. These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. (emphasis theirs, well, bold not italics, but yeah.)