GDPR Enforcement Tops €1.1 Billion in 2025 as Europe’s Largest Regulators Continue to Lead

Key Takeaways

• €1.1 Billion in Fines: EU data protection authorities issued 2,161 fines totaling approximately €1.145 billion in 2025.
• Major Regulators Lead: France, Spain, Italy, Ireland, and Germany continue to dominate enforcement by value and influence.
• Germany Leads in Volume: Germany issued the highest number of fines at 499 cases.
• Enforcement Models Vary: Some jurisdictions prioritize high volumes, while others focus on fewer, higher-value cases.
• Cross-Border Coordination Continues: Over 400 cross-border cases were registered, supported by the One-Stop-Shop mechanism.

Deep Dive

Europe’s data protection authorities issued more than €1.145 billion in fines in 2025, reinforcing a steady trend of high-value GDPR enforcement driven largely by the bloc’s biggest regulators, according to the European Data Protection Board’s latest annual report.

In total, authorities across the EU handed down 2,161 fines over the course of the year, reflecting both the scale and maturity of enforcement activity nearly seven years after the regulation took effect.

The data shows that enforcement remains concentrated among a handful of major jurisdictions. France led in total fines issued, with €486.8 million, followed by Spain at €45.2 million and Italy at €15 million. Ireland and Germany also remained key players, with Germany issuing the highest number of fines overall at 499 cases.

These regulators benefit from larger budgets, deeper investigative resources, and jurisdiction over many of the world’s largest technology firms, which are factors that continue to shape the enforcement landscape.

While smaller authorities are increasingly active, the overall value of fines remains heavily influenced by high-profile cases handled by these larger supervisory bodies.

Volume Versus Value Across the Bloc

The 2025 figures highlight a persistent divide between jurisdictions that prioritize volume and those that focus on fewer, higher-value enforcement actions.

Germany’s nearly 500 fines contrast sharply with countries like Ireland, where fewer but more complex, cross-border cases often result in substantial penalties. Spain and Italy sit somewhere in between, combining relatively high volumes with significant total fines.

France, once again, stands out for the scale of its penalties, underscoring its continued role as one of the EU’s most influential enforcement authorities.

A More Distributed Enforcement Environment

Even as the largest regulators dominate the headline figures, the broader dataset reflects a more distributed enforcement environment across Europe.

Countries such as Romania, Slovakia, and Slovenia recorded high volumes of fines, while others registered smaller numbers of cases but with comparatively higher monetary impact in individual decisions.

This reflects the flexibility built into the GDPR framework, where supervisory authorities can tailor enforcement actions using a range of corrective powers, from warnings and reprimands to administrative fines.

The EDPB’s report also points to continued reliance on coordination mechanisms to manage cross-border enforcement. In 2025, 414 cross-border cases were registered, with 1,299 procedures initiated under the One-Stop-Shop mechanism and 572 resulting in final decisions.

Alongside enforcement, the Board continued to focus on harmonization and guidance, particularly as the GDPR increasingly intersects with newer digital regulations, including the Digital Services Act and Digital Markets Act.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.