The E.U.’s General Data Protection Regulation, a sweeping law with harsh fines, is set to take effect in May 2018. Ireland, the European home of many large multinationals, is expected to be at the center of enforcement. We spoke to Helen Dixon, Ireland’s Data Protection Commissioner, about the upcoming changes and how companies can prepare for them. In this second article in our series, she discusses compliance with the non-harmonized areas of the GDPR, the GDPR's enforcement structure, enforcement challenges for the data protection authorities, and answers criticism of the law's penalties. The first article in the series contained her views on the most challenging compliance issues for companies, strategies to get buy-in from the C-suite for compliance resources and successful compliance models she has seen. See also “Getting to Know the DPO and Adapting Corporate Structure to Comply With the GDPR (Part One of Two)” (Jan. 25, 2017); Part Two (Feb. 8, 2017).