Jan 26 | 2 minutes read

GDPR in 2024: Why European Businesses Must Prioritize Data Protection Now

As we await new reports on 2025 GDPR enforcement, let’s revisit trends observed across Europe during 2024. 


The Rising Cost of Non-Compliance


European data protection authorities issued a total of €1.2 billion in fines throughout 2024. Most of those fines were directed at big tech giants failing to comply with their obligations towards European citizens. In Sweden alone, we saw a total of 60.58 million SEK in administrative fines. But fines are only part of the picture: approximately 6500 data breaches were reported, a significant increase compared to 2023. The same trend has been observed in France, where the Data Protection Authority received 5 629 notifications of personal data breaches, 20% more than in 2023.


The trend is therefore very clear: more and bigger personal data breaches every year.

This could be attributed to a multitude of factors: continued digitalization, more complex IT ecosystems, human error, increased scrutiny and a heightened focus on AI, tracking technologies and cross-border data transfer. The digital world evolves, and with it the characteristics of personal data breaches.
This has pushed IMY, the Swedish national authority, to shift enforcement from risk-based proactive supervision to complaint-driven investigation, a very important change that reflects how European citizens are more conscious of their rights. Indeed, the number of complaints has also increased, with 17 772 complaints received by the French authorities, an 8% increase, and 4241 in Sweden, representing an increase of 16% for the Swedish market.

In its report, IMY explicitly links good GDPR compliance with cyber resilience against attacks and leaks. In a world where individuals are more aware of their rights than ever, cybersecurity, good governance, data sovereignty and high staff awareness are crucial for companies that base their activities on the processing of personal data. It is very clear that major big tech companies remain the biggest targets of data protection authorities, which issue their biggest fines against them. Shifting to local European vendors providing cybersecurity guarantees seems like the clearer path to safety.

Apsis (by Efficy), a European-based company, has seen this trend, understood its value and secured two certifications in 2025: the ISO 27001 certification, strengthening its cyber security position, and the ISO 27701 certification, demonstrating its compliance with privacy.

 

 

The message from 2024's GDPR landscape is evident: data protection is no longer optional, and the consequences of getting it wrong are escalating. But this challenge also presents an opportunity. By choosing vendors who prioritize security, privacy, and compliance, you can reduce risk and build trust with your customers.


Rapport annuel 2024 
Årsredovisning 2024 

Author: Eliza Bounouar – Data Protection Officer