DLA Piper's annual survey, published on January 28, 2026, shows that European businesses reported 443 data breaches per day in 2025—the first time the average has exceeded 400 since GDPR came into effect. This is a 22 percent increase from 2024.
Most of these breaches are not spectacular break-ins. They are everyday occurrences — misdirected emails, forgotten access, lost devices, clicking on phishing links. And most of them happen without warning, at times no one had planned for.
GDPR requires notification to the Data Protection Authority within 72 hours from the moment someone in the organization became aware of the breach. 72 hours sounds ample – until it happens on a Friday afternoon.
Practical point: Do you know what happens in the first 60 minutes after a breach is discovered? Who decides, who reports, who notifies those affected? Have you written it down? A simple, pre-made half-page plan is worth far more than good intentions under pressure.
Inspired by: DLA Piper