Then they either shouldn't process private data or should only work with services that can provide such information. No one needs to process personal data - if you don't the answer is a matter of seconds.
If you phrase it as "large companies," then it sounds bad - but it forbids incompetent large companies too. It enforces that only companies that are competent enough to answer questions about data protection can be in the personal data space. If a small company is inherently incapable of answering those questions or handling the data properly, it shouldn't be allowed in that space.
It's like saying that there's a "government enforced monopoly" keeping newcomers out of the food business by not letting them just make things in their apartment and hand them to Uber Eats. It is a technically accurate description, but most people who believe that government has any legitimate functions at all see health inspections as a good thing.
You just have specialization. Most places I've worked that deal with card payments, for example, opt for payment processors that lets them tokenize payment data because it means they don't have to store it with the according additional risks of having a copy of the payment data in their database. There are still plenty of payment provider options.
Not really. You have what already exists for handling investments, e.g. you pay Yomoni (a tiny startup) to make decisions for you but your money is handled by one of the big banks e.g. Crédit Agricole. Your point is somewhat valid, but also amounts to "there is a government-enforced monopoly for large companies in the airliner production space". Damn right there is. For the same safety reasons.
