As we go into mid-summer and Q3 2025, it’s time to take another moment to catch up on the updates regarding data handling and protection. Let’s see what the newest information to pay attention to is:
Cybersecurity – the good, the bad and the ugly
We’re written previously about the increasing cybersecurity protections and successes in the last quarter – including shutting down several gangs by various authorities, as well as a number of new AI-driven detection systems.
Unfortunately this is balanced by a continued spate of hazards – more complex spearphishing techniques, wider spectrum attacks, and as always constant ransomware threats.
The growth in attacks includes hitting different sectors, including some that view themselves as low-priority and lack sufficient protections. Ransomware attacks on K–12 schools, for example, are growing – having risen 69% across the education sector from Q1 2024 to Q1 2025, according to Comparitech. But as CoSN’s 2025 State of EdTech District Leadership report notes, only 13% of respondents perceive ransomware as a high risk. Schools join the healthcare sector as one of the sectors with the highest growing rate of attacks.
Regulations and required protections
EU regulations are seeing more development, as we wrote about in past months (mostly covering the Data Act and other recent developments). This includes national level alignment with EU-level guidelines: in a surprising example, the French gaming and gambling agency has used data protection regulation to harshly penalize an unnamed operator; breaching rules on data in France. The unidentified company has been ordered to pay €75,000 ($87,663) by the regulator after ANJ ruled the operator failed to fulfil obligations for real-time archiving and permanent data availability between 2022 and 2024.
The EU is also launching an investigation into major social media company TikTok again – alleging that European citizens’ data ended up in Chinese data centers. TikTok was previously already hit with a €530 million fine for failing to show that European users’ personal data was afforded the same high level of protection provided for under European law.
Further abroad, no less a company than McDonald’s is under fire for exposing job applicant personal data through failures in their applicant process chatbot. While no leak from that source is yet proven and the relative weakness of major regulatory bodies in the USA means consequences are unlikely, it is another high-profile case showing how our online-focused lives continue to expose our critical information to risk, both for organizations and individuals.
Your Data In Your Hands – With TECH-ARROW
