GDPR Fines and Data Breach Survey: January 2025

The top three GDPR fines in 2024 include €310m ($326m) against LinkedIn by the Irish DPC for its processing of personal data in advertising practices, €290m ($324m) against Uber by the Dutch Data Protection Authority (AP) for storing driver data in the US without adequate safeguards, and €251m ($263m) against Meta by the Irish DPC for a 2018 data breach4.

The average number of breach notifications in 2024 increased slightly to 363 from 335 in 2023.

The Dutch Data Protection Commission issued a €30.5m ($32.03m) fine against Clearview AI.

The Irish Data Protection Commission (DPC) has issued a total of €3.5bn ($3.7bn) in fines since May 2018, which is more than four times the amount issued by the next highest regulator, the Luxembourg Data Protection Authority.

Total GDPR fines issued across Europe in 2024 amounted to €1.2bn ($1.26bn).

There was a 33% decrease in GDPR fines in 2024 compared to 2023.

The total value of fines reported since the GDPR came into effect in 2018 is now €5.88bn ($6.17bn).

The largest GDPR fine in 2023 was €1.2bn against Meta for transferring personal data to the US.