It's because those companies can hire in their own GDPR specialists, or will just take the fines and see what they need to fix, or they don't need to comply.
I asked my admin about it the other day. This guy has more IT and Data Security certs than will fit on his business card. He had never heard of GDPR which is very suprising. But then again, my company probably doesn't need to comply with GDPR.
IMO wayyyyy after the GDPR deadline is when we start seeing an uptick in activity due to companies getting hit with their first fines and realizing they need to fix it.
Go LDSR