In the Netherlands we have a similar problems due to the "Wet Openbaarheid Bestuur" (Law of Open Administration)
Basically, you can request any non-sensitive information from any government agency and they have to provide it within a reasonable term or pay a fine to the requester.
This caused people to request all calibration reports of a speed camera if they got a ticket, because for quite some time the government would waive the ticket if you stopped the request.
When it got abused too widely they automated the process and now it's not a problem. This is also how large coorporations should handle this problem.
Then they either shouldn't process private data or should only work with services that can provide such information. No one needs to process personal data - if you don't the answer is a matter of seconds.
If you phrase it as "large companies," then it sounds bad - but it forbids incompetent large companies too. It enforces that only companies that are competent enough to answer questions about data protection can be in the personal data space. If a small company is inherently incapable of answering those questions or handling the data properly, it shouldn't be allowed in that space.
It's like saying that there's a "government enforced monopoly" keeping newcomers out of the food business by not letting them just make things in their apartment and hand them to Uber Eats. It is a technically accurate description, but most people who believe that government has any legitimate functions at all see health inspections as a good thing.
You just have specialization. Most places I've worked that deal with card payments, for example, opt for payment processors that lets them tokenize payment data because it means they don't have to store it with the according additional risks of having a copy of the payment data in their database. There are still plenty of payment provider options.
Not really. You have what already exists for handling investments, e.g. you pay Yomoni (a tiny startup) to make decisions for you but your money is handled by one of the big banks e.g. Crédit Agricole. Your point is somewhat valid, but also amounts to "there is a government-enforced monopoly for large companies in the airliner production space". Damn right there is. For the same safety reasons.
We've had something similar in the UK for a long time, but it actually works pretty well.
There will always be a few people out to cause trouble with excessive requests, but I don't think we should let that block access to non-sensitive information for things we as the tax payer have paid for.
Basically, you can request any non-sensitive information from any government agency and they have to provide it within a reasonable term or pay a fine to the requester.
This caused people to request all calibration reports of a speed camera if they got a ticket, because for quite some time the government would waive the ticket if you stopped the request.
When it got abused too widely they automated the process and now it's not a problem. This is also how large coorporations should handle this problem.