For the first seven years of GDPR enforcement, data processors, the companies that handle personal data on behalf of someone else, were mostly implicated through their customers. A controller got fined; the processor was mentioned in the investigation; the liability stayed with the company that owned the customer relationship. That pattern changed in 2025. The … Continue reading GDPR Fines Are Now Landing on Hosting Companies Directly. Two Cases From 2025 Establish the Precedent.