Europes GDPR cops dished out 12B in fines last year The Register

pGDPR fines pushed past the 1 billion 12 billion mark in 2025 as Europes regulators were deluged with more than 400 data breach notifications a day according to a new survey that suggests the postplateau era of enforcement has well and truly arrivedppThe figures come from the latest GDPR Fines and Data Breach Survey published by DLA Piper which puts total fines issued across Europe last year at roughly 1 billion 12 billion up from 996 million in 2024 While that yearonyear increase is modest regulators have now handed down 71 billion 62 billion in penalties since GDPR came into force in May 2018 ppThe fines may look familiar but breach reporting does not From 28 January 2025 to the present Europes data protection authorities received an average of 443 personal data breach notifications a day Thats up 22 percent on the year before and marks the first time daily reports have pushed past 400 since the regulation came into forceppThe firm avoids pointing to a single root cause Rather than offering a neat explanation the survey describes several things going wrong at once geopolitics repeated cyber incidents and attack tooling thats now easy to obtain with regulatory overload sitting in the background Organizations are now juggling GDPR alongside a widening set of incident reporting regimes under laws such as NIS2 and DORA which have raised the baseline for what needs to be disclosed and how quicklyppRoss McKean chair of DLA Pipers UK data privacy and cybersecurity practice said that the numbers should be read as a warning not just another set of stats Confirmation of such a significant increase in personal data breach notifications in black and white is for me the quieting canary he said ppCoupled with the slew of new cybersecurity laws impacting business some of which impose personal liability on members of management bodies our report underscores the urgency and need for organizations to optimize cyber defences and operational resilienceppOn the enforcement side the familiar names remain at the top of the leaderboard Ireland once again dominates the tables with aggregate fines issued by the Irish Data Protection Commission now reaching 404 billion since GDPR began accounting for well over half of all fines issued across Europe during that period France and Luxembourg are next in line but a long way back showing how much of GDPR enforcement is being driven by a small number of regulatorsppIreland also handed down the biggest single penalty of 2025 a 530 million fine against TikTok over unlawful international data transfers That still wasnt enough to unseat the current record set two years earlier when regulators hit Meta with a 12 billion sanction Big tech remains the favorite target with DLA Piper noting that nine of the ten largest GDPR fines on the books have landed thereppSeven years in and GDPR appears to be finding its stride The penalties are routine the breach reports are back on the rise and the paperwork is as relentless as ever ppSend us newsppThe Register Biting the hand that feeds ITpp
Copyright All rights reserved 19982025

p