The problems for litigation so far in EU countries has been the looseness of the privacy laws. This is the real reason for the GDPR. Once these are 'given teeth', it will enable people whose privacy has been violated to get compensation. This is civil action and quite different from the punitive fines that are issued by the government. In the UK this is done by the ICO  https://ico.org.uk/for-organisations/data-protection-reform/