Navigating the intersection of data privacy regulations and public health codes is becoming increasingly complex for healthcare organizations. Recent developments highlight the challenges of balancing the requirements of the General Data Protection Regulation (GDPR) with France’s Public Health Code.
The number of sanctions related to data breaches has significantly increased, jumping from 69 cases in 2024 to 97 in 2025, now accounting for 29% of all GDPR fines. This trend underscores the growing scrutiny of data handling practices, particularly within sensitive sectors like healthcare. The increasing frequency of these penalties reflects a broader emphasis on data security and compliance across industries.
One hospital in Brittany is emerging as a leader in managing security crises, proactively addressing these evolving challenges. The hospital’s approach includes improvements to its responsiveness regarding GDPR compliance. This proactive stance is expected to further enhance the hospital’s ability to react to security incidents.
The rise in cyberattacks and the increasing industrialization of cyber threats are also affecting the healthcare sector. According to recent reports, the obligations imposed by GDPR and the NIS2 directive are key factors driving the need for enhanced cybersecurity measures. The healthcare sector, along with the public sector and all other sectors, is facing a more sophisticated and rapidly evolving threat landscape.
In 2025, GDPR fines totaled 1.15 billion euros, though the cost per user remains relatively low. This data suggests that while financial penalties are substantial, the overall impact on individual users is currently limited. However, the increasing number of breaches and associated fines signals a growing need for robust data protection strategies.