Violations of the E.U.’s General Data Protection Regulation (GDPR) are growing more expensive and not just for the largest tech companies. In 2021, European regulators tripled their total fine amounts for violations of the landmark data privacy law over the prior year, according to two recent quantitative reviews of enforcement. The statistics compiled by Cooley and DLA Piper tally the most common violations under the law, revealing European data protection authorities share concern for transparency and the legitimacy of companies’ processing but differ in their approach to punishment and sanctions. With commentary from the reports’ authors at DLA Piper and Cooley, this article discusses the findings, interpretations of the trends and GDPR compliance consequences. It also includes comments made during a Cooley webinar. See our two-part series on the GDPR: “Impact” (Feb. 21, 2019); and “Compliance” (Feb. 28, 2019).