Sure, it wasn't consistent, but the argument about lack of enforcement really comes down to the national regulators not taking their jobs seriously enough or being given sufficient resources. The ICO in the UK has only ever issued pretty small beer fines.
The problem with self-regulation in this area is that there is significant competitive advantage to be gained by not being particularly careful. In that sense, I think GDPR evens the playing field.