The ICO are dinosaurs chasing lazy rodents on the sunny uplands of Chicxulub. This is why ...
This is the right debate to have on the topic of enforcement. My observation is that the ICO have become much more secretive and amenable to plea bargains at the expense of data subjects' rights in the last few years. Think the ICO is going to right that data protection wrong? You probably don't know the ICO nowadays.
Aside from the fact that the ICO has become little more than an, ahem, data protection compliance protection racket ("just keep paying your data register fees okay?") I predict that GDPR compliance is about to go the way of tax compliance - offshored to extralegal entities beyond the reach of pesky regulators.
My evidence for this is the Danish toy maker, which, while registered with the ICO and claiming data protection compliance, actually moved its data controller to Denmark for UK customers (meaning that the ICO has no interest and the Danish regulator can claim the offence had been committed outside Denmark). This has been done with the full connivance of the ICO, to the detriment of data subjects' rights. As long as they keep paying their fees to the ICO, they escape UK justice for GDPR breaches.
Evidenced also by the highly questionable Israeli sales contact data mining company that claims compliance with GDPR but has no offices, employees or interests within the legal jurisdiction of GDPR. That, folks, is the future of GDPR compliance and the proverbial asteroid hurtling towards the pea-size brained Wirral data police.
So spare a thought for the ICO (and for that matter HMRC). They are dinosaurs in the Chicxulub basin, wondering how bright their futures might be. Very bright is the answer. Very very bright.