GDPR one year on: measured enforcement is just the beginning
It’s official – the GDPR is one year old. In its first 12 months, the European Commission has demonstrated strong yet measured implementation, with fines totalling over €56 million hitting 91 companies, including €50 million against a single organisation. A significant amount, yet a fraction of the full 4% of companies’ total global revenue they…
It’s official – the GDPR is one year old. In its first 12 months, the European Commission has demonstrated strong yet measured implementation, with fines totalling over €56 million hitting 91 companies, including €50 million against a single organisation. A significant amount, yet a fraction of the full 4% of companies’ total global revenue they could have levied – a difference of billions.
As enforcement begins, the commission seems to be leaning towards a constructive approach – with some members stating publicly they do not wish to put companies out of business, or leverage a fine so large a company would be incapable of fixing the problem. The goal seems to be to incentivise companies to fix the problem, while letting them know that if they do not, the fine could get worse. As time goes on, this approach will likely change.
GDPR
What’s been done for data privacy since GDPR?
Majority of companies still aren’t GDPR-compliant
First fine under GDPR
Today, the commission seems to be rewarding good behaviour as much as it is punishing bad behaviour. A perfect example of this is the first company to be fined under the GDPR, a German social media platform called Knuddels. On first glance, the offense
When customer data spills or a recalled product stays on shelves, you face two immediate fires: legal deadlines and public panic. The law doesn’t wait. Europe’s GDPR gives you three days to report a serious breach. In the U.S., coordinating a recall means navigating agencies like the FDA (for food/drugs) or CPSC (for consumer products). …
Published
3 days ago
in
By
When customer data spills or a recalled product stays on shelves, you face two immediate fires: legal deadlines and public panic. The law doesn’t wait. Europe’s GDPR gives you three days to report a serious breach. In the U.S., coordinating a recall means navigating agencies like the FDA (for food/drugs) or CPSC (for consumer products). … Read More
Global Manager Group launched an ISO 27701:2025 PIMS kit with 155+ editable GDPR-aligned templates, audit tools, and a compliance matrix to speed certification and privacy compliance…
Published
7 days ago
in
By
Global Manager Group launched an ISO 27701:2025 PIMS kit with 155+ editable GDPR-aligned templates, audit tools, and a compliance matrix to speed certification and privacy compliance… Read More
Understanding media performance in digital marketing is like navigating a maze that constantly changes. The emergence of platforms like TikTok has revolutionized how brands connect with their audience, adding layers of complexity and opportunity. However, with regulatory changes such as GDPR and iOS 14.5 updates, eCommerce brands are now facing a growing challenge: gaining clear
Published
2 months ago
in
By
Understanding media performance in digital marketing is like navigating a maze that constantly changes. The emergence of platforms like TikTok has revolutionized how brands connect with their audience, adding layers of complexity and opportunity. However, with regulatory changes such as GDPR and iOS 14.5 updates, eCommerce brands are now facing a growing challenge: gaining clear […… Read More
Share Share by: Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Personal data breach reports rose 22% year-over-year in 2025 Ireland has issued some of the GDPR’s biggest fines, including 2025’s biggest Geopolitical tensions, new tech
Published
2 months ago
in
By
Share by:
Facebook
X
Whatsapp
Reddit
Pinterest
Flipboard
Threads
Email
Share this article
0
Join the conversation
Follow us
Add us as a preferred source on Google
Personal data breach reports rose 22% year-over-year in 2025
Ireland has issued some of the GDPR’s biggest fines, including 2025’s biggest
Geopolitical tensions, new tech and new laws are all to blame
European regulators handed out over €1.2 billion ($1.4 billion) in GDPR-related fines throughout 2025, marking only a small increase compared with the year before despite a sharp rise in data breach notifications.
Data from DLA Piper found regulators handled an average of 443 personal data breach reports every single day from January 28, 2025 onwards, marking a considerable 22% rise compared with 2024. This was also the first year that breach notifications exceeded the 400 mark since GDPR came into force.
But instead of blaming the increase on one single cause, DLA Piper suggests a combination of multiple factors was responsible for the breaches.
You may like
EU gears up for even more tough tech enforcement in 2026 as Trump warns of retaliation
Meta promises to reduce data sharing for EU users by 2026 to avoid EU GDPR fines
Major privacy laws – including GDPR – could be downgraded to try and boost AI growth and cut red tape
Data breach notifications were up last year in the EU
“It seems likely that geopolitical tensions, the abundance of new technologies available to threat actors to launch cyber-attacks, and the raft of new laws including incident notification requirements are all contributing factors,” the report concluded.
However, enforcement remained pretty concentrated with Ireland issuing the most GDPR fines. Ireland was responsible for issuing the highest fine in 2025, hitting TikTok with a €530 million fine. The country also holds the record for the highest-ever GDPR fine – a 2023 €1.2 billion fine against Meta. In total, Ireland has accounting for €4.04 billion in GDPR fines since the act was introduced.
Besides being hit with some of the biggest fines, Big Tech is also a key target in penalties with tech giants accounting for nine of the 10 biggest GDPR fines ever issued.
“The fact that combined GDPR fines held steady at EUR 1.2 billion shows regulators remain highly active, particularly in areas such as information security, international data transfers, transparency and the complex interplay between AI innovation and data protection laws,” DLA Piper UK Data, Privacy and Cybersecurity practice Chair Ross McKean wrote.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Follow TechRadar on Google News andadd us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
