The Irish Data Protection Commission (DPC) remains Europe's largest data enforcer by a wide margin, having issued €4.04 billion in fines since May 2018.
The annual Data Breach Survey from law firm DLA Piper found that Ireland's GDPR fine total is almost four times more than second-placed France.
The DPC issued the largest fine of 2025, a €530 million penalty against TikTok over the transfer of the personal data of European users to China.
TikTok is currently appealing the ruling.
The Data Breach Survey shows that European GDPR fines totalled approximately €1.2bn in 2025, consistent with 2024 levels, with Ireland and France accounting for more than €1bn of the total.
Cumulative GDPR fines across Europe now stand at €7.1bn since 2018.
The €1.2bn fine issued against Meta by the DPC in 2023 remains the largest GDPR fine ever imposed.
The survey shows that 8 of the top 10 GDPR fines ever issued have been imposed by the Irish DPC.
Recent figures revealed, however, that of the €4.04bn in fines that have been imposed by the DPC, just €20 million has been paid so far due to legal challenges.
Across Europe, personal data breaches rose sharply, with average notifications increasing 22% to 443 per day, the first time daily breach notifications have exceeded 400 since GDPR came into force.
Ireland bucked this trend, recording a rise of just 3% in breach notifications year-on-year.
France overtook Luxembourg to become the second-largest enforcer overall, and is now the only other European country, after Ireland, to have issued more than €1bn in GDPR fines since 2018.
According to DLA Piper, while large technology and social media companies continue to attract the highest fines, regulators are increasingly scrutinising a wider range of sectors, including financial services, telecommunications and utilities.
"While the total value of fines held steady, regulators remain willing to impose substantial monetary penalties, despite ongoing criticism from outside the EU," said John Magee, Partner and Global Co-Chair Data, Privacy and Cybersecurity Group, DLA Piper.
"Ireland's Data Protection Commission remains Europe’s pre-eminent enforcer by some distance."
"The large uptick in personal data breach notifications across Europe is reflective of an increasingly risky cybersecurity threat landscape fuelled by heightened geopolitical tensions and high-profile cyberattacks," Mr Magee said.
