ICO’s Public Sector Approach: Why the Post Office Received a Reprimand Instead of a £1m Fine
In December 2025, the ICO concluded its investigation into a data breach that exposed personal information belonging to 502 victims…
Fines
This category examines notable fines imposed on organisations for data protection violations. Our expert analysis helps you understand the reasons behind these penalties and provides valuable insights to help your organisation avoid a similar fate.
The EU’s First DSA Fine: What X’s €120m Penalty Means for Digital Platform Compliance
On 5 December 2025, the European Commission issued its first-ever fine under the Digital Services Act (DSA). X, formerly Twitter,…
ICO fines Care Home Director for Deleting Data: The Warning Every Manager Should Read
On 3 September 2025, Jason Blake, 56, director of Bridlington Lodge Care Home in Yorkshire, was ordered to pay £1,100…
Canal+ fined €600k for GDPR breaches including failure to report data breach
French broadcasting company Groupe Canal+ was recently fined €600,000 by the French data protection authority (CNIL) for multiple violations of the EU’s…
Royal Mail fined £20,000 under PECR for marketing automation gone wrong
This case tells us that it is important to continually review the potential impact of human error or technical error…
The Biggest GDPR Fines So Far (2026)
UK GDPR and EU GDPR have introduced some stiff penalties for poor data protection practices.
What the marketing team at Virgin Media got wrong about PECR
The ICO’s recent enforcement action against Virgin Media shows us that some marketers are still failing to understand the ICO’s…
Europe data privacy decisions round-up August 2021
The High Court of England and Wales held that controllers and processors outside of the EU that nominate a representative…
Most ironic PECR fine yet as firm selling nuisance call blocker fined under TPS rules
The Information Commissioner's Office (ICO), in the United Kingdom, has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493…
ICO fines protein e-commerce company Muscle Foods Limited for sending millions of marketing messages without valid consent
The ICO’s investigation found that Muscle Food’s had contravened Regulation 22 of PECR.
ICO fines “Digital Growth Experts Ltd” £60,000 for sending thousands of nuisance marketing texts during coronavirus pandemic
During their investigation the ICO found that Digital Growth Experts Ltd had breached regulations 22 and 23 of PECR.
Security firm fined under GDPR after employee used WhatsApp to transfer personal information
On the 10th July 2020, the AEPD – Spain’s data protection authority initiated a sanctioning procedure to fine the Barcelona…
Hotel group fined approx 148,000 euros for failing to delete over 500,000 customer profiles
If you have old contacts sitting around in your CRM or email marketing software, now is the time to delete…
Spanish Data Authority (AEPD) fines e-commerce website €3,000 for unlawful cookie practices
On 6 August 2020, the AEPD (Spain’s data authority) decided to fine Grow Beats SL, an e-commerce company that targets…
ICO Fine Cathay Pacific £500,000 for failing to protect customers’ data
On the 4th March 2020 the ICO reported that they will fine Hong-Kong based airline Cathay Pacific £500,000 for failing…