GDPR fines surpass £1 billion as data breach notifications surge

GDPR fines in Europe have exceeded £1 billion in 2025, with regulators receiving over 400 data breach notifications daily, indicating a significant increase in enforcement activity. This surge suggests that the era of regulatory enforcement following a period of plateau has firmly arrived, according to a recent report by The Register.

The DLA Piper GDPR Fines and Data Breach Survey revealed that total fines issued across Europe reached approximately £1 billion (€1.2 billion, or $1.4 billion) in 2025, a slight increase from the previous year. Since GDPR's inception in May 2018, cumulative penalties now stand at €7.1 billion ($8.4 billion). The number of personal data breach notifications has also dramatically risen, averaging 443 per day from January 28, 2025, marking the first time this figure has surpassed 400 since the regulation's implementation. This increase is attributed to a combination of factors including geopolitical events, persistent cyber incidents, accessible attack tooling, and regulatory overload, as organizations now contend with multiple disclosure regimes like NIS2 and DORA.

Ireland continues to lead in enforcement, issuing the largest single fine of €530 million ($625 million) to TikTok in 2025, though Meta's €1.2 billion ($1.4 billion) penalty from two years prior remains the record. Big tech companies remain the primary targets, with nine of the 10 largest GDPR fines levied against them, underscoring the ongoing scrutiny of major technology firms.

Source: The Register