Annual Report 2024

Enforcement
and Fines

Total Fines Imposed

€652M

Following the adoption of the DPC's decisions, fines were imposed on LinkedIn, Meta Platforms Ireland Limited, Sligo County Council and Maynooth University throughout 2024

Decision-Making Activities

  • Preliminary Draft Decisions 4
    Issued to complainants and regulated entities to provide an opportunity for feedback before final decisions were made
  • Draft Decisions (Article 60) 7
    Sent to the Article 60 co-decision making process to allow input from other EU supervisory authorities
  • Finalised Decisions 11
    Issued during 2024 following the completion of the required regulatory procedures
  • Amicable Resolutions 115
    Submitted as part of the GDPR's cooperation mechanism for cross-border complaints via Article 60

Statutory & Cross-Border Inquiries

In 2024, the DPC concluded 4 large scale inquiries sent forward Draft Decisions to the Article 60 co-decision making process; with none of the findings objected to by its peer EU/ EEA data protection Supervisory Authorities.

As of 31 December 2024, the DPC had 89 Statutory Inquiries on-hand, including 51 Cross-Border Inquiries.
4 Large-Scale Inquiries
Concluded
89 Inquiries On-Hand
(End of 2024)
53 Cross-Border
Inquiries

AI & Data Protection

Spearheaded submission of questions to the EDPB on the AI Opinion

Result:

Provided clarity and direction for data controllers on AI compliance and accountability

Contact

32,152

Total Contacts Received

Top Cause:

Subject Access Requests are most common reason individuals contact DPC

This is typically due to non-response or dissatisfaction with the reply provided by the organisation in question

Pie chart showing methods of contact. The majority of contacts were electronic (24,306), followed by phone (6,751), and post (1,095). Electronic contact dominates the chart, making up most of the pie.

Case Handling

The DPC strives to ensure that individuals are supported in understanding their rights under the GDPR, while also encouraging organisations to be transparent and accountable in their data processing activities.

11,091

New Cases Processed

10,510

Cases Resolved
(This figure includes complaints received prior to 2024)

2,357

Cases Moved to Formal Complaint-Handling Process

Breach Notifications

7,781

Total Valid Breach Notifications

11%

Increase from 2023 

Resolution Rate:

81% concluded by
year-end

Top Cause:

50% due to correspondence sent to the wrong recipient

Electronic Direct Marketing

146

Electronic Marketing Investigations

8

Companies Prosecuted
for Unsolicited Marketing
Communications

Focus Areas & New Investigations

New national and cross-border inquiries were launched in 2024, focusing on key areas of emerging regulatory concern.

  • 1
    Biometrics
  • 2
    AI Training & Personal Data
  • 13
    Sensitive Health Data

New Functions Established

Inter-Regulatory Affairs

EDPB and International Affairs

Public Engagement & Guidance

BCRs and
Legislative Oversight

The DPC was leading reviewing supervisory authority (SA) in relation to 16 Binding Corporate Rules (BCR) applications from 11 different companies.

56+

Legislative proposals Reviewed & commented on

EU & Regulatory Collaboration

1,175

Requests for Assistance (Article 61)

180+

Meetings Attended

Unlock the Full Story

Explore detailed case studies and comprehensive insights from 2024, from key stats to in-depth case examples

Download Full Report