Europe’s data protection authorities issued more than €1.145 billion in fines in 2025, reinforcing a steady trend of high-value GDPR enforcement driven largely by the bloc’s biggest regulators, according to the European Data Protection Board’s latest annual report.
There is a date that does not yet appear on any calendar. Cybersecurity experts refer to it as Q-Day, the moment when a quantum computer becomes capable of breaking the encryption that protects nearly all sensitive digital communications worldwide. No one knows the precise timing. Estimates vary from a few years to possibly a decade or more.
Poland’s financial sector is becoming more digital, more interconnected, and, as a result, more exposed. That’s what the 2025 cybersecurity report says, published by CSIRT KNF, which outlines a threat landscape that is not only growing, but shifting in ways that make it harder to contain.
There’s a quiet recalibration happening inside Europe’s data protection regime. It’s not a rollback of rules, and it’s not a loosening of standards. But in its 2025 annual report, Denmark's Data Protection Authority (Datatilsynet) offers a window into something more subtle. Regulators are starting to acknowledge what many organizations have been grappling with for years. Compliance, as written, doesn’t always translate cleanly into practice.
Poland has moved to bring the EU’s data governance ambitions closer to day-to-day reality, with lawmakers approving a national law designed to operationalize the bloc’s Data Governance Act. The Sejm of the Republic of Poland adopted amendments put forward by the Senate, clearing the way for the legislation to take effect once it is signed by the President and formally promulgated. The law will enter into force three months after that final step.
A cyberattack affecting the Europa.eu platform, the public-facing web presence of the European Commission, was identified on March 24, according to a statement released by the Commission. The incident impacted cloud infrastructure used to host the platform. The Commission said it took immediate steps to contain the attack and implement mitigation measures, adding that the availability of Europa websites was not disrupted.
Italy’s privacy regulator has fined Intesa Sanpaolo €31.8 million after concluding that a prolonged, undetected data breach exposed deep flaws in the bank’s internal controls and security oversight. The decision from the Italian Data Protection Authority follows an investigation triggered by the bank’s own breach notification in July 2024. What emerged was not a one-off lapse, but a pattern of unauthorized access stretching over more than two years.