GDPR Fines Hit EUR 1.2Bn in 2024 – 363 Data Breaches Per Day

Written by: Lalit Choda, NHI Mgmt Group

  • GDPR fines hit 1.2Bn EUR in 2024, with 8.3% more breach reports in 2024.
  • An average of 363 data breach notifications per day vs 335 in 2023.

Whilst some of these breaches will no doubt have been caused by the compromise of Non-Human Identities (NHIs), a key area that the DLA Piper Survey Report calls out is AI enforcement, which will clearly have big implications where it intersects with Non-Human Identity management and security. Read our blog post on “AI Agents and Their Intersection with Non-Human Identities”.

Commenting on the survey findings, Ross McKean, Chair of the UK Data, Privacy and Cybersecurity practice, said:

“European regulators have signalled a more assertive approach to enforcement during 2024 to ensure that AI training, deployment and use remains within the guard rails of the GDPR.”

Here’s a summary of the key headlines from DLA Piper’s GDPR Fines and Data Breach Survey.

Key Headlines:

  1. GDPR Enforcement in 2024:
    • €1.2 billion in fines issued across Europe, marking a significant year in data privacy enforcement.
    • Ireland continues to be the top enforcer with €3.5 billion in fines since May 2018.
  2. Decrease in Fines Compared to 2023:
    • 33% decrease in fines compared to the previous year.
    • No record-breaking fines in 2024.
  3. Big Tech and Social Media:
    • Primary targets for fines with major penalties against LinkedIn (€310 million) and Meta (€251 million).
  4. Expansion to Other Sectors:
    • Enforcement expanded to financial services and energy sectors.
    • Notable fines issued against a large bank (€6.2 million) and a utility provider (€5 million).
  5. UK’s Unique Approach:
    • Very few fines issued in the UK in 2024.
    • UK Information Commissioner suggests fines are not the most effective enforcement tool.
  6. Personal Liability:
    • Focus on governance and oversight.
    • Investigation into holding Clearview AI’s directors personally liable for GDPR breaches.
  7. Data Breach Notifications:
    • Slight increase in the average number of breach notifications per day (363).
    • Netherlands, Germany, and Poland remain top countries for data breach notifications.
  8. AI Enforcement:
    • Increased scrutiny on AI technologies for GDPR compliance.
    • European regulators assert a stronger enforcement approach.
