Enforcement of the GDPR shows signs of growing more predictable after six years and roughly 2,375 fines. However, there are still hurdles to harmonized practices among data protection authorities (DPAs). With insights from attorneys at A&O Shearman, Bird & Bird, Covington, IAPP, McDermott Will & Emery and Steptoe, this two-part article series captures the latest practicalities that companies should understand about GDPR investigations and enforcement. This second installment discusses DPAs’ characteristic practices affecting companies and identifies four nagging points of divergence between them. Part one examined key themes in the European Commission’s second report about GDPR implementation and its proposed rules to align enforcement, entering final negotiations this month. See “Navigating Government Investigations of Privacy Practices” (Sep. 4, 2024).