The latest GDPR Fines and Data Breach Survey published by DLA Piper said Europe’s data protection authorities were sent an average of 443 personal data breach notifications a day from 28 January 2025 to the present and that fines topped £1 billion (€1.2 billion) in 2025.
KEY FACTS
- Fines Roughly £1 billion (€1.2 billion) in 2025
- Cumulative €7.1 billion in penalties since May 2018
- Daily reports 443 personal data breach notifications on average since 28 January 2025
- Top enforcer Ireland has issued €4.04 billion in fines overall
The survey places the 2025 total fines at roughly £1 billion, a small rise from £996 million in 2024, and records a cumulative total of about €7.1 billion since GDPR came into force in May 2018.
The increase in reported breaches represents a 22 percent rise on the previous year and is the first time daily reports have averaged more than 400 since GDPR began.
The document links multiple contributing factors including geopolitics, repeated cyber incidents and widely available attack tooling. It also highlights that organisations face added reporting duties under new laws such as NIS2 and DORA.
Enforcement remains concentrated. Ireland issued the largest aggregate total of fines at €4.04 billion since 2018 and imposed the biggest single penalty of 2025, a €530 million fine against TikTok for unlawful international transfers. The largest GDPR sanction to date is a €1.2 billion fine against Meta from 2023.
WHY IT MATTERS
Higher daily breach notifications and steady fines increase compliance workloads and reinforce the need for organisations to maintain robust incident handling and cross‑border data transfer practices.