
DPA+
If you're doing ok under the current DPA and you're not misbehaving or playing fast and loose with your customers data then really you don't have much to fear.
Yes there is lots to do especially around contracts and consent but if you're playing nice right now it's unlikely that the ICO is going to hunt you down like dogs. Really you've probably got another year before you'll be looked at. The ICO is short handed as it is.
But you may be subject to challenge from grumpy customers and if you cock up in that time you'll be in for a harder time. But these are just risks. Do a gap find out where you're doing worst and work on that.
According to some old hands at the ICO it was no different in 1998 when the DPA came into force. Same panic, same snake-oil being peddled.