Excerpt from CSO Online Article, Published on January 29, 2026
The latest GDPR enforcement data shows that Reports of GDPR violations have surged significantly across the European Union. According to a new study by global law firm DLA Piper, regulators received an average of 443 daily reports of GDPR violations in 2025 — a 22% increase on the year before. This marks the first time daily breach notifications have crossed the 400 threshold since the General Data Protection Regulation took effect in 2018.
This dramatic uptick in reports underlines growing scrutiny of how organizations handle personal data. The study suggests that several complex forces — including rising geopolitical tensions, the proliferation of advanced cyber – attack tools, and broader incident reporting requirements — may have contributed to the escalation. However, analysts say the data cannot yet pin down a single root cause.
Despite the increase in reported violations, the total fines levied under GDPR in 2025 remained roughly in line with 2024 figures, at around €1.2 billion. This consistency reflects a continued willingness among European data protection authorities to impose substantial penalties for non – compliance. Since the regulation’s inception, cumulative GDPR fines have reached approximately €7.1 billion.
Among EU regulators, Ireland’s Data Protection Commission once again led enforcement, issuing the largest share of penalties from its base in Dublin. Irish authorities have now imposed more than €4.04 billion in fines since 2018. Notable individual fines in 2025 included a €530 million penalty against TikTok Technology Ltd. for unlawfully transferring EU user data to servers in China.
Industry leaders and compliance experts say the rise in breach reports underscores an important shift in regulatory focus from mere procedural compliance to a broader assessment of privacy risk and transparency. Organizations operating in sectors like technology, telecommunications, and finance are now under closer watch for potential GDPR infractions, and many are updating internal policies to reduce exposure.
To delve deeper into this topic, Visit CSO Online.
