€42m GDPR sanction for telco. 2025’s biggest breach fines

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

The 10 biggest data breach fines and settlements of 2025

infosecurity-magazine.com • 6 min read

💶 A round-up of major GDPR data breach enforcement actions in 2025 shows European regulators continuing to impose significant penalties for cross-border transfers, weak security controls and accountability failures.... read more

Stats are based on IBM’s Cost of a Data Breach Report 2025.

France fines telcos €42M for sub-par security prior to 24M customer breach

theregister.com • 4 min read

💥France’s data protection authority CNIL has fined two telecom operators belonging to the same group a total of €42 million following a data breach affecting millions of customers. The breach revealed basic security weaknesses, poor breach communication, and unlawful data retention practices… read more

Romania’s proposed “shame list” for individuals raises GDPR concerns

digi24.ro • 6 min read

😱 A Romanian government proposal to publicly list individual tax debtors and even compliant taxpayers has prompted strong warnings from privacy lawyers, who claim that the measures breach GDPR principles of proportionality and data minimisation… read more (article in Romanian).

CNIL maps GDPR certifications and codes of conduct across Europe

cnil.fr/en • 10+ min read

💡France’s data protection authority has published new EU-wide maps showing approved GDPR certifications and codes of conduct, helping organisations identify recognised compliance tools by sector and Member State … read more

See the maps: Codes of Conduct Map & Certifications Map.

The Romanian DPA has fined McDonald’s €8000

startupcafe.ro • 3 min read

💶 Romania’s data protection authority has fined the local McDonald’s operator following a cyber incident that exposed personal data belonging to employees. The fine was issued due to inadequate technical and organisational security measures… read more (article in Romanian).

More GDPR news from Romania: A Romanian court has upheld a data protection fine against Călin Georgescu (article in Romanian).

--

Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.