"GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe's regulators were deluged with more than 400 data breach notifications a day, according to a new survey that suggests the post-plateau era of enforcement has well and truly arrived. The figures come from the latest GDPR Fines and Data Breach Survey published by DLA Piper, which puts total fines issued across Europe last year at roughly £1 billion (€1.2 billion), up from £996 million in 2024. While that year-on-year increase is modest, regulators have now handed down €7.1 billion (£6.2 billion) in penalties since GDPR came into force in May 2018."
"The firm avoids pointing to a single root cause. Rather than offering a neat explanation, the survey describes several things going wrong at once: geopolitics, repeated cyber incidents, and attack tooling that's now easy to obtain, with regulatory overload sitting in the background. Organizations are now juggling GDPR alongside a widening set of incident reporting regimes under laws such as NIS2 and DORA, which have raised the baseline for what needs to be disclosed - and how quickly."
Total GDPR fines across Europe reached roughly £1 billion (€1.2 billion) in 2025, up from £996 million in 2024, and cumulative penalties since May 2018 total €7.1 billion (£6.2 billion). From 28 January 2025 to the present, Europe's data protection authorities received an average of 443 personal data breach notifications per day, a 22% increase year-on-year and the first time daily reports have exceeded 400. Multiple simultaneous pressures are driving the trend: geopolitics, repeated cyber incidents, easily obtainable attack tooling, and regulatory overload. Organizations now face overlapping incident-reporting obligations under GDPR, NIS2, and DORA, increasing disclosure requirements and speed.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]