Europe’s GDPR Fines Hold at €1.2bn as Enforcement Stays Relentless
Europe’s privacy regulators continued to levy penalties at scale in 2025, with total GDPR fines reaching approximately €1.2bn.
News
Stay informed with the latest developments in GDPR enforcement, cybersecurity threats, regulatory fines, and AI regulation. We curate the news that matters most to privacy and compliance professionals.

Ireland continues to sit at the centre of European GDPR enforcement, largely because many major technology companies have their European headquarters there.
The European Data Protection Board adopted a landmark statement aimed at improving GDPR usability for micro, small and medium organisations.
The EDPB has opened a public consultation on when e-commerce websites can lawfully require users to create accounts before purchasing goods or services.
The EDPB has launched a public consultation on Recommendations 1/2026, focused on the approval process and required elements for Processor Binding Corporate Rules.
The EDPB published a procedure document setting out how supervisory authorities should cooperate when authorising ad-hoc contractual clauses and new SCCs.
Ireland’s Data Protection Commission issued a decision fining TikTok €530 million and ordering corrective measures following an inquiry into transfers to China.
The CMS GDPR Enforcement Tracker is becoming a key input for risk discussions, offering a practical lens on what regulators are prioritising.
The EDPB and EDPS have adopted a Joint Opinion on the European Commission’s proposal to simplify AI rules, warning that simplification must not lower protection.
The European Commission’s “Digital Omnibus” proposal aims to streamline rules, but critics warn of specific delays to high-risk AI requirements.
The European Commission proposed a new cybersecurity package to strengthen EU resilience, explicitly referencing amendments affecting the NIS2 framework.
The EU is planning to phase out components from high-risk suppliers in critical infrastructure as part of a proposed revision of the Cybersecurity Act.
The European Parliamentary Research Service has outlined the evolution of cybersecurity certification, aiming for schemes recognised across Member States.
Ireland’s National Cyber Security Centre published draft Risk Management Measures guidance intended to support implementation of NIS2 requirements.
The Law Society Gazette reported on the NCSC’s guidance, noting the anticipated scope expansion and practical need for organisations to check if they are in scope.
A ransomware attack against Ireland’s Office of the Ombudsman caused major disruption, locking investigators out of key systems.