More importantly IMO they are also contacting entities up front to tell them about violations and how to get compliant, the fines we have seen yet seems (again IMO) to be only for particularly nasty cases and/or cases where the entities in question refuses to change.

This means the fines we are seeing is just the top of the iceberg: most changes happens underneath the surface and only trickles up in the form of less annoying websites (or fines) little by little.