We have 20+ years of dealing with tons of national and regional DPAs following national rules. Now these DPAs play by a single rule book, but other than that, little changes.
How many $300kEUR fines (the maximum in Germany until yesterday) served by a German DPA (we have 17: one federal, one per state) have you heard about in the last 5 years?
The first one was handed out by a court based on criminal law. This is not comparable to administrative fines. He got fined 260 days of his income (which is the basis on which such fines are assessed). He had two previous, very recent convictions. I'd say this is not a very harsh sentence but your opinion might vary.
The second one is a law very much like GDPR (notice the little words "up to"?). Not a single fine has been given based on that, not even a small one.
How many $300kEUR fines (the maximum in Germany until yesterday) served by a German DPA (we have 17: one federal, one per state) have you heard about in the last 5 years?