GDPR Fines Hit EUR 1.2Bn in 2024 - 363 Data Breaches Per Day

Lalit Choda, NHI Mgmt Group

  • GDPR fines hit EUR 1.2Bn in 2024, alongside 8.3% more breach reports.

  • An average of 363 data breach notifications per day vs 335 in 2023.

Whilst some of these breaches will no doubt have been caused by the compromise of Non-Human Identities (NHIs), a key area that the DLA Piper survey report calls out is AI enforcement, which will clearly have big implications where it intersects with Non-Human Identity management and security. Read our blog post on "AI Agents and Their Intersection with Non-Human Identities".

Commenting on the survey findings, Ross McKean, Chair of the UK Data, Privacy and Cybersecurity practice, said:

“European regulators have signalled a more assertive approach to enforcement during 2024 to ensure that AI training, deployment and use remains within the guard rails of the GDPR.”

Here's a summary of the key headlines from DLA Piper's GDPR Fines and Data Breach Survey.

Key Headlines:

  1. GDPR Enforcement in 2024:

    • €1.2 billion in fines issued across Europe, marking a significant year in data privacy enforcement.

    • Ireland continues to be the top enforcer with €3.5 billion in fines since May 2018.

  2. Decrease in Fines Compared to 2023:

    • 33% decrease in fines compared to the previous year.

    • No record-breaking fines in 2024.

  3. Big Tech and Social Media:

    • Primary targets for fines with major penalties against LinkedIn (€310 million) and Meta (€251 million).

  4. Expansion to Other Sectors:

    • Enforcement expanded to financial services and energy sectors.

    • Notable fines issued against a large bank (€6.2 million) and a utility provider (€5 million).

  5. UK's Unique Approach:

    • Very few fines issued in the UK in 2024.

    • UK Information Commissioner suggests fines are not the most effective enforcement tool.

  6. Personal Liability:

    • Focus on governance and oversight.

    • Investigation into holding Clearview AI's directors personally liable for GDPR breaches.

  7. Data Breach Notifications:

    • Slight increase in the average number of breach notifications per day (363).

    • Netherlands, Germany, and Poland remain top countries for data breach notifications.

  8. AI Enforcement:

    • Increased scrutiny on AI technologies for GDPR compliance.

    • European regulators assert a stronger enforcement approach.

If you are interested in Non-Human Identities and their intersection with GenAI, read our blog post on "AI Agents and Their Intersection with Non-Human Identities".
