European data protection authorities imposed more than 330 sanctions in 2025 for non-compliance with the General Data Protection Regulation in the community sphere. The global amount of fines approached 1.150 billion euros, a figure that reflects the magnitude of the infractions detected in key sectors
Media and telecommunications concentrate 80% of sanctions
The largest volume of economic sanctions, exceeding 1.030 billion euros, was due to the processing of personal data without a sufficient legal basis. The media, telecommunications, and broadcasting sectors were responsible for more than 80% of the total sanctioned, placing these activities at the center of regulatory scrutiny
TikTok received the highest fine of the year in its sector, with 530 million euros. When divided among the affected users, the penalty amounted to just 2.64 euros per person. Google accumulated fines of 200 and 125 million euros, while SHEIN was fined 150 million euros.
Lack of security and increase in cyberattacks
The most common infringement in 2025 was the adoption of insufficient technical and organizational measures to protect information. Sanctions for lack of security increased from 69 cases in 2024 to 97 in 2025, which shows an upward trend in the risks associated with data protection
The industrial and commercial sector was the most affected by sanctions related to cyberattacks, massive leaks, or unauthorized access to databases. This was followed by the fields of finance, insurance, consulting, and healthcare, where the consequences of a security breach can be especially serious.
Global impact and new technological risks
Since 2004, more than 3.2 billion data breaches have been registered worldwide. This context of growing exposure is aggravated by the evolution of the techniques employed by cybercriminals
"Every permission accepted without reading, every piece of data shared without necessity, contributes to making our privacy even cheaper" - Tomas Stamulis, Surfshark's director of security
The rise of artificial intelligence has added a new layer of risk. Cybercriminals use these tools to automate and perfect attacks, making it difficult to protect personal and business information
"The rise of artificial intelligence adds a new layer of risk" - Tomas Stamulis
In some cases, the penalty per affected user was barely two and a half euros. Regulatory pressure and the sophistication of attacks are forcing companies and organizations to strengthen their protection systems in the face of a constantly evolving threat scenario.