Why worry?
Enforcement will still be lelft solely up to the ICO, which seems primarily to exist in order to protect companies from lawsuits for breaching the DPA. Certainly they rarely, if ever, use the teeth they already have - its difficult to believe they'll be any more assertive or forceful in the use of their new powers post GDPR / Whatever Brexit bring as a replacement.