In 2025, European data protection authorities imposed more than 330 sanctions for breaches of the General Data Protection Regulation (GDPR) across the EU. The total amount of the fines approached 1.15 billion euros, a figure that reflects the magnitude of the infringements detected in key sectors.
Media and telecommunications account for 80% of the sanctions
The largest volume of financial sanctions, exceeding 1,030 million euros, was due to the processing of personal data without a sufficient legal basis. The media, telecommunications, and broadcasting sectors were responsible for more than 80% of the total amount sanctioned, which places these activities at the center of regulatory oversight.
TikTok received the highest fine of the year in its sector, at 530 million euros. Divided among the affected users, the sanction came to barely 2.64 euros per person. Google accumulated fines of 200 and 125 million euros, while SHEIN was fined 150 million euros.
Lack of security and an increase in cyberattacks
The most common infringement in 2025 was the adoption of insufficient technical and organizational measures to protect information. Sanctions for lack of security increased from 69 cases in 2024 to 97 in 2025, which points to an upward trend in risks associated with data protection.
The industrial and commercial sector was the most affected by sanctions related to cyberattacks, mass leaks, or unauthorized access to databases. It was followed by finance, insurance, consulting, and healthcare, where the consequences of a security breach can be especially serious.
Global impact and new technological risks
Since 2004, more than 3.2 billion data breaches have been registered worldwide. This context of increasing exposure is aggravated by the evolution of the techniques cybercriminals employ.
"Every permission accepted without reading, every data shared unnecessarily, contributes to further cheapening our privacy" - Tomas Stamulis, security director of Surfshark
The rise of artificial intelligence has added a new layer of risk. Cybercriminals use these tools to automate and perfect attacks, which makes it difficult to protect personal and business information.
"The rise of artificial intelligence adds a new layer of risk" - Tomas Stamulis, Head of Security at Surfshark
In some cases, the sanction per affected user was barely two and a half euros. Regulatory pressure and the sophistication of attacks are forcing companies and organizations to strengthen their protection systems in the face of a constantly evolving threat landscape.