European DPAs issued a combined €1.45 billion in GDPR fines in 2025

Data protection agencies across Europe issued a combined 1,145,760,374 euros, or just over €1.45 billion in fines under the General Data Protection Regulation in calendar year 2025.

 

The European Data Protection Board revealed the figure in its recently-released Annual Report for the year 2025, stating that the fines represented agencies’ will to apply their investigative and corrective measures to ensure that organisations continued to adhere to pan-European data protection law.

 

The fines issued in 2025 represented a 4.5% reduction compared to the overall fines issued by European DPAs in 2024, and a 60% reduction compared to the €2.9 billion in fines issued in 2023. The massive figure in 2023 was dominated by a fine of €1.2 billion issued by the Irish data protection regulator to Meta for transferring personal data to the US without adhering to mandated regilatory safeguards.

 

Including the 2025 figures, European DPAs have so far issued a combined €4.2 billion in fines under the GDPR, a landmark EU law introduced in 2018 to govern how personal data of individuals within the European Union is collected, processed, and secured. 

 

According to the European Data Protection Board’s annual report, Ireland enjoyed the highest share in terms of the quantum of fines issued to erring organisations in 2025. The Irish DPC issued €530.77 million in fines in the calendar year, followed by France issuing €486.85 million in fines, and Germany issuing $48.11 million in fines.

 

Other major countries in the list included Spain, which issued 324 fines worth €45.2 million, Italy issuing 190 fines worth €14.97 million, Croatia issuing 13 fines worth €6.72 million and Estonia issuing five fines worth €3 million. Curiously, Slovakia issued the highest number of fines, totalling 542 instances, but the combined value of the fines was just €468,953. 

 

In comparison, the UK’s Information Commissioner’s Office issued a total of 15 fines worth over £21.75 million in calendar year 2025. The largest fines issued by the ICO included £14 million to Capita Group, £3.07 million issued to Advanced Computer Software Group, £2.31 million issued to 23andMe and £1.23 million in fines issued to LastPass UK Ltd. In Europe, the largest fines were issued to Amazon (€746 million), TikTok (€530 million) and Marina Salud which copped a €500,000 fine.

 

"The EDPB remains committed to guiding organisations and individuals through an evolving regulatory environment, ensuring that the GDPR continues to be a benchmark for privacy and innovation worldwide and a global standard for data protection and digital governance," said Anu Talus, chair of the European Data Protection Board.