The E.U.’s General Data Protection Regulation (GDPR) violations are growing more expensive, and not just for the largest tech companies. In 2021, European regulators tripled their total fine amounts for violations of the landmark data privacy law over the prior year, according to two recent quantitative reviews of enforcement. The statistics compiled by Cooley and DLA Piper tally the most common violations under the law, revealing European data protection authorities share concerns about transparency and the legitimacy of companies’ processing, but differ in their approach to punishment and sanctions. With insights from the reports’ authors at DLA Piper and Cooley, this article discusses the findings, interpretations of the trends and GDPR compliance consequences. It also includes comments made during a Cooley webinar. See our two-part series on the GDPR: “Impact” (Feb. 21, 2019); and “Compliance” (Feb. 28, 2019).