EU issued over €1.2bn in GDPR fines in 2025 as multiple data breaches bite

• Personal data breach reports rose 22% year-over-year in 2025
• Ireland has issued some of the GDPR’s biggest fines, including 2025’s biggest
• Geopolitical tensions, new tech and new laws are all to blame

European regulators handed out over €1.2 billion ($1.4 billion) in GDPR-related fines throughout 2025, marking only a small increase compared with the year before despite a sharp rise in data breach notifications.

Data from DLA Piper found regulators handled an average of 443 personal data breach reports every single day from January 28, 2025 onwards, marking a considerable 22% rise compared with 2024. This was also the first year that breach notifications exceeded the 400 mark since GDPR came into force.

But instead of blaming the increase on one single cause, DLA Piper suggests a combination of multiple factors was responsible for the breaches.

You may like

• EU gears up for even more tough tech enforcement in 2026 as Trump warns of retaliation
• Meta promises to reduce data sharing for EU users by 2026 to avoid EU GDPR fines
• Major privacy laws – including GDPR – could be downgraded to try and boost AI growth and cut red tape

Data breach notifications were up last year in the EU

“It seems likely that geopolitical tensions, the abundance of new technologies available to threat actors to launch cyber-attacks, and the raft of new laws including incident notification requirements are all contributing factors,” the report concluded.

However, enforcement remained pretty concentrated with Ireland issuing the most GDPR fines. Ireland was responsible for issuing the highest fine in 2025, hitting TikTok with a €530 million fine. The country also holds the record for the highest-ever GDPR fine – a 2023 €1.2 billion fine against Meta. In total, Ireland has accounting for €4.04 billion in GDPR fines since the act was introduced.

Besides being hit with some of the biggest fines, Big Tech is also a key target in penalties with tech giants accounting for nine of the 10 biggest GDPR fines ever issued.

“The fact that combined GDPR fines held steady at EUR 1.2 billion shows regulators remain highly active, particularly in areas such as information security, international data transfers, transparency and the complex interplay between AI innovation and data protection laws,” DLA Piper UK Data, Privacy and Cybersecurity practice Chair Ross McKean wrote.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.