Europe Slaps Tech Sector with €1.2 Billion in Fines under GDPR in 2025
January 26, 2026
European data protection regulators levied roughly €1.2 billion in General Data Protection Regulation (GDPR) fines during 2025, as data privacy enforcement remains a key priority for authorities across the EU and European Economic Area (EEA).
Breach reports set new record
The annual DLA Piper GDPR Fines and Data Breach Survey finds that while aggregate fines were little changed from 2024, personal data breach notifications surged, marking a sharp shift from recent years.
For the first time since GDPR took effect in 2018, data protection authorities recorded an average of more than 400 personal data breach notifications per day between late January 2025 and January 2026 – a 22% year-on-year increase.
This rise indicates organizations are reporting incidents more frequently, reflecting both an uptick in actual breaches and evolving legal requirements around incident disclosure.
According to analysts from DLA Piper, the growth in breach reports may be driven by a combination of increased geopolitical tensions, more powerful cyber-attack tools accessible to threat actors, and overlapping incident-reporting regimes such as NIS2 and DORA that raise the baseline for disclosure expectations beyond GDPR alone.
Big Tech in the crosshairs
Although fines in 2025 roughly matched the previous year’s total, the enforcement landscape shows sustained regulatory vigilance. Since GDPR came into force in 2018, supervisory authorities have issued around €7.1 billion in penalties.
Ireland’s Data Protection Commission continues to lead the pack, levying more than half of all fines issued under GDPR, including the largest fine in 2025 — €530 million against TikTok parent company ByteDance for unlawful international data transfers.
The largest fine to date remains the €1.2 billion sanction against Meta in 2023.
Big technology firms account for nine of the 10 largest GDPR fines ever levied. Enforcement action also increasingly targets broader issues such as information security, transparency, and compliance with international transfer rules.
Consumer trust in Big Tech
As Bitdefender recently reported, Europe’s enforcement actions are part of wider efforts to ease the erosion in consumer trust in the digital ecosystem.
Read: Italy Fines Apple $116 Million over Consumer Privacy Rules
Read: Europe fines X €120 million in first enforcement of the Digital Services Act
Bitdefender’s 2025 Consumer Cybersecurity Survey shows that while netizens heavily rely on major platforms for communication, shopping, and financial services, growing fears around Big Tech's stronghold undermine their trust in digital services.
As our report notes, even when trust exists, it stops short of financial and personal details. Most consumers draw the line at sharing financial information, while 59% say they want to keep their credit card and payment data out of the reach of tech giants. One in five also want to shield photos (20%) and location data (19%).
Trust in ‘Big Tech’ looks different across the world. In the US, consumers are less concerned about sharing certain categories like location data, with only 14% wanting to keep it private, compared to more than one in five in Spain and Italy.
Europeans tend to be stricter about safeguarding personal details, shaped by years of GDPR-driven awareness. While American consumers focus on convenience, Europeans are more attuned to privacy — though both groups continue to rely on platforms they say they don’t fully trust.
How to protect your personal data
1. Monitor your accounts regularly
Check banking, email, social media, and other accounts for unusual activity. Early detection can limit damage if your data is exposed. Anyone affected by a data breach should consider a monitoring service. Bitdefender Digital Identity Protection alerts you if your data has been compromised or leaked online, identifies the risks you face, and provides guidance on how to protect yourself.
2. Use strong, unique passwords
Avoid using the same passwords on multiple platforms. Consider a reputable password manager to generate and store unique credentials.
3. Enable multi-factor authentication
Most online services offer it, but not all, unfortunately. Enable two-factor/multi-factor authentication for every online platform that offers it. A second verification step makes it harder for attackers to access your accounts even if your password is leaked.
4. Pay attention to breach notifications
If a service you use reports a breach, act quickly: update passwords, monitor credit reports where relevant, and consider identity theft protections.
5. Limit data shared online
Share as little personal information as possible on social platforms and opt out of unnecessary data collection when you can.
6. Review privacy settings
Regularly revisit privacy settings on apps and services — especially those that gather location, biometric, or sensitive personal data.
7. Know your GDPR rights
Under GDPR, you have rights to access, correct, delete, and restrict processing of your personal data. Contact the company or your local data protection authority if these rights are not respected.
You may also want to read:
EU Unveils Plan to Shield Citizens from ‘High-Risk’ Tech Suppliers
tags
Author
Filip has 17 years of experience in technology journalism. In recent years, he has focused on cybersecurity in his role as a Security Analyst at Bitdefender.
View all postsRight now Top posts
How Do You Manage Your Passwords? We Ask Netizens
December 18, 2025
Cybercriminals Use Fake Leonardo DiCaprio Film Torrent to Spread Agent Tesla Malware
December 11, 2025
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
