For instance, I know of a company that flouted GDPR and got multiple letters off the ICO trying to help them with compliance before finally, months later, they ended up in court and got a very small fine.
Edit: it is not cool to edit your post after I replied to make it look more reasonable