Add a bookmark to get started

25 March 20243 minute read

DLA Piper GDPR and data breach report

Global law firm DLA Piper published the results of its annual study on GDPR fines and data breaches in January 2024. The report looks at the cumulative fines imposed since 208, and the country ranking of fines issued in 2023. Ireland once again holds pole position for the highest total GDPR fines in value, given since May 25, 2018. The popular tech location also this year imposed the highest ever single fine, surpassing Luxembourg’s previous record enforcement. Austria is in tenth place with under EUR25 million in fines, and 14th place with regard to the number of data protection violations with 1,062 violations.

As Ireland is a popular location for technology companies doing business in the EU, it is not surprising that the country has once again taken the top spot this year with the highest GDPR fines since May 25, 2018. Ireland has now sanctioned infringements of the GDPR totalling EUR2.86 billion.


Pole position for Ireland both for the total amount of all GDPR fines and for the highest fine ever imposed

The GDPR's restrictions on the transfer of personal data to third countries continue to be a priority for European supervisory authorities, with the EUR1.2 billion fine imposed on Meta in Ireland being the highest ever.


Germany recorded the highest number of data breaches

Germany, followed by the Netherlands and Poland, reported the highest number of data breaches during the period under review, with around 32,000. Austria recorded around 1,000 breaches.


Other key findings of the DLA Piper study:
  • Data protection authorities imposed fines totaling EUR1.78 billion across Europe in 2023. This is an increase of 14 percent compared to the previous year.
  • The most significant GDPR fines mainly affected globally active companies from the social media and big tech sectors.
  • Non-compliance with the basic principles of the GDPR continues to be the most frequently cited reason for fines in all of the countries analyzed.
  • The trend of recent years continues: In 2023, an average of 335 breaches were reported per day, compared to 328 data breach reports per day the year before. Taking into account the error rate, the number of reported security breaches remains, at a high-level, almost unchanged compared to the previous year.

"Our neighbor Germany recorded the most data security breaches with around 32,000. With around 1,000 breaches, Austria is in 14th place and therefore in the middle of the field," comments Sabine Fehringer, Partner and IT/IP Country Head of DLA Piper Vienna, on the publication of the firm's report, which covers all 27 member states of the European Union as well as the United Kingdom, Norway, Iceland and Liechtenstein. "The risks for companies of non-compliance with the GDPR are considerable. The results of the study make it clear that targeted risk management and data protection compliance are also highly relevant for Austrian companies in order to prevent sanctions in the event of violations", the data protection expert continued.