Data Breach Notifications Hit 443 Per Day Across Europe

DLA Piper has published the eighth edition of its annual GDPR Fines and Data Breach Survey, revealing that personal data breach notifications across Europe rose 22% year-on-year, reaching an average of 443 per day between 28 January 2025 and 27 January 2026. This is the first time since the GDPR's application in May 2018 that daily notifications have exceeded 400, breaking a multi-year plateau.

The survey also confirms that aggregate GDPR fines since May 2018 now exceed €7.1 billion, with European supervisory authorities issuing approximately €1.2 billion in penalties during 2025 alone — closely matching the 2024 total. The sustained level of enforcement activity suggests that regulators are operating at a high and consistent tempo, rather than relying on periodic headline-grabbing penalties.

While the survey does not attribute the notification spike to a single cause, DLA Piper identifies several contributing factors: geopolitical tensions, the growing availability of offensive tools to threat actors, and the proliferation of new laws imposing incident notification requirements. The Cyber Resilience Act, which begins applying from September 2026, will add further reporting obligations for products with digital elements — potentially pushing notification volumes higher still.

For compliance teams, the data reinforces what enforcement trends have been signalling for some time: breach readiness is not optional. Organisations that lack clear internal procedures for detecting, assessing, and reporting breaches within the 72-hour GDPR window face both regulatory exposure and operational disruption.

Acompli perspective: A 22% increase in notifications means regulators are seeing more breach reports than ever — and that means more scrutiny of how organisations handle them. The foundations for effective breach response are the same ones that underpin broader compliance: accurate data mapping so you know what was affected, documented processing records to support your notification, and a structured risk management framework that enables fast, defensible decision-making under pressure.