Misdirected emails accounted for 27% of all data protection incidents under the GDPR last year.

Misdirected emails contributed to over $1.2 billion in fines worldwide last year.

The GDPR is one of the top 5 frameworks adopted by organizations.

31% of organizations adhere to GDPR for API development and deployment.

13 S&P 500 companies warn of sensitive exposure under the General Data Protection Regulation, Health Insurance Portability and Accountability Act, and California privacy laws (CCPA/CPRA) related to privacy.

GDPR is the most difficult regulation to manage, cited by 19.4% of surveyed financial organizations.

95% of AI applications are at medium or high risk for EU GDPR violation.

SMEs generate 25% of the UK's GDP.

Total GDPR fines issued across Europe in 2024 amounted to €1.2bn ($1.26bn).

The average number of breach notifications in 2024 increased slightly to 363 from 335 in 2023.

The top three GDPR fines in 2024 include €310m ($326m) against LinkedIn by the Irish DPC for its processing of personal data in advertising practices, €290m ($324m) against Uber by the Dutch Data Protection Authority (AP) for storing driver data in the US without adequate safeguards, and €251m ($263m) against Meta by the Irish DPC for a 2018 data breach4.

The Dutch Data Protection Commission issued a €30.5m ($32.03m) fine against Clearview AI.

The Irish Data Protection Commission (DPC) has issued a total of €3.5bn ($3.7bn) in fines since May 2018, which is more than four times the amount issued by the next highest regulator, the Luxembourg Data Protection Authority.

There was a 33% decrease in GDPR fines in 2024 compared to 2023.

The total value of fines reported since the GDPR came into effect in 2018 is now €5.88bn ($6.17bn).

The largest GDPR fine in 2023 was €1.2bn against Meta for transferring personal data to the US.