The €7.1 Billion Reality Check
Since GDPR came into force in May 2018, European data protection authorities have issued 2,679 fines totalling over €7.1 billion. In 2025 alone, that figure reached €1.2 billion — the highest single-year total on record. Breach notifications hit 443 per day in 2025, a 22% increase over the previous year.
The era of gentle warnings and remediation plans is over. Regulators are issuing fines at scale, and the compliance burden on every organisation that processes personal data has never been higher.
August 2026: The EU AI Act Arrives
On 2 August 2026, the EU Artificial Intelligence Act becomes fully applicable across all member states. Organisations using AI systems classified as “high risk” must demonstrate compliance with requirements around transparency, data governance, human oversight and accuracy.
Crucially, in 2026 the AI Act and GDPR are converging. The use of personal data to train AI systems means that AI compliance and GDPR compliance are now inseparable assessments.
The Compliance Cost Is Rising
Organisations are spending 30–40% more on privacy compliance than in 2023. Nearly 56% of compliance professionals rank data privacy and security as their most important issues. Cross-border data transfers face additional pressure: the EU–US Data Privacy Framework remains under legal challenge, while new US rules carry penalties reaching $368,000 per violation.
IACT Data Protection Courses
- GDPR for Employees — essential awareness training for all staff
- GDPR for Data Protection Officers — in-depth compliance for DPOs
- Cybersecurity Course — technical and organisational security practices
- Fraud Awareness Training
- Anti-Money Laundering and Anti-Bribery and Corruption