Misdirected emails accounted for 27% of all data protection incidents under the GDPR last year.

The GDPR is one of the top 5 frameworks adopted by organizations.

31% of organizations adhere to GDPR for API development and deployment.

13 S&P 500 companies warn of sensitive exposure under the General Data Protection Regulation, Health Insurance Portability and Accountability Act, and California privacy laws (CCPA/CPRA) related to privacy.

GDPR is the most difficult regulation to manage, cited by 19.4% of surveyed financial organizations.

95% of AI applications are at medium or high risk for EU GDPR violation.

The top three GDPR fines in 2024 include €310m ($326m) against LinkedIn by the Irish DPC for its processing of personal data in advertising practices, €290m ($324m) against Uber by the Dutch Data Protection Authority (AP) for storing driver data in the US without adequate safeguards, and €251m ($263m) against Meta by the Irish DPC for a 2018 data breach4.

The Irish Data Protection Commission (DPC) has issued a total of €3.5bn ($3.7bn) in fines since May 2018, which is more than four times the amount issued by the next highest regulator, the Luxembourg Data Protection Authority.

The average number of breach notifications in 2024 increased slightly to 363 from 335 in 2023.

The Dutch Data Protection Commission issued a €30.5m ($32.03m) fine against Clearview AI.

Total GDPR fines issued across Europe in 2024 amounted to €1.2bn ($1.26bn).

There was a 33% decrease in GDPR fines in 2024 compared to 2023.

The total value of fines reported since the GDPR came into effect in 2018 is now €5.88bn ($6.17bn).

The largest GDPR fine in 2023 was €1.2bn against Meta for transferring personal data to the US.