It’s becoming increasingly common for companies and organizations to be reported for violations of the GDPR personal data protection law, according to a new report from the DLA Piper law firm. On average, there are now 443 reports of GDPR violations per day in the EU, an increase of 22% compared to 2024.

“The report confirms that cybersecurity issues are intensifying,” Gustav Lundin from DLA Piper said in a statement. “For Swedish organizations, this means that both technical and organizational protective measures need to be reviewed in order to keep pace with the emerging risks and requirements.”

In 2025, total fines amounted to €1.2 billion, most of which involved technology and social media companies. That figure was in line with the previous year.