- How to preorder the Samsung Galaxy S25 series - and the best deals I found
- Explore the Future of Naval Communications and Security with Cisco at AFCEA West
- 4 useful Galaxy S25 Ultra features that creatives and power users will love
- Expanding the Foundation of AI-Native SOCs: Mastering Holistic Data Integration
- This plug-and-play projector made my movie nights cinematic (and it's on sale)
GDPR Fines Total €1.2bn in 2024
GDPR fines issued across Europe totaled €1.2bn ($1.26bn) in 2024, according to new figures published by law firm DLA Piper.
These figures represent a 33% decrease in GDPR fines issued by European regulators compared to 2023, when €2.9bn ($3.1bn) in penalties were handed out.
This is the first time a year-on-year fall in fines has been observed since the GDPR came into effect in May 2018.
The relative reduction in 2024 compared to 2023 is almost entirely as a result of the record-breaking €1.2bn fine against Meta in May 2023. This fine related to the firm’s transfer of personal data to the US on the basis of standard contractual clauses (SCCs).
Therefore, DLA Piper emphasized that the 2024 figures do not represent a shift in focus from personal data enforcement in the EU.
Ross McKean, Partner and Chair of DLA Piper’s UK Data Protection and Cyber Practice, commented: “The headline figures in this year’s survey have, for the first time ever, not broken any records so you may be forgiven for assuming a cooling of interest and enforcement by Europe’s data regulators. This couldn’t be further from the truth.”
The Irish Data Protection Commission (DPC) remains the largest enforcer in Europe. The regulator has issued a total of €3.5bn ($3.7bn) in fines since May 2018, more than four-times the value of fines issued by the next highest regulator, the Luxembourg Data Protection Authority.
The total value of fines reported since the application of GDPR in 2018 now stands at €5.88bn ($6.17bn), according to DLA Piper figures.
Biggest GDPR Fines in 2024
Big tech and social media firms continued to be the biggest targets for large fines under GDPR in 2024. The top three fines over the year were:
DLA Piper also highlighted that enforcement in 2024 expanded notably in other sectors, such as financial services and energy. This includes the Spanish Data Protection Authority issuing two fines totaling €6.2m ($6.5m) against CaixaBank for inadequate security measures.
The average number of breach notifications in 2024 increased slightly to 363 from 335 in 2023.
A Pivot to Personal Liability
Another trend highlighted in the research was the significant shift in focus by European regulators to personal liability.
DLA Piper noted that a number of enforcement decisions cited failures in organizational governance and oversight that caused data privacy violations.
In a prominent example, the Dutch Data Protection Commission announced it was investigating whether it can hold the directors of Clearview AI personally liable for numerous breaches of the GDPR, following a €30.5m ($32.03m) against the firm.
McKean added: “For me, I will mostly remember 2024 as the year that GDPR enforcement got personal. As the Dutch DPA champions personal liability for the management of Clearview AI, 2025 may well be the year that regulators pivot more to naming and shaming and personal liability to drive data compliance.”
