Disney CCPA settlement: why cross-device opt-outs must work account-wide
California’s 11 February 2026 settlement with Disney is one of the clearest CCPA warnings yet for teams that run the…
Fines
This category examines notable fines imposed on organisations for data protection violations. Our expert analysis helps you understand the reasons behind these penalties and provides valuable insights to help your organisation avoid a similar fate.
ICO secures £355,880.10 confiscation order against Rizwan Manjra — why insider misuse controls still matter
On 21 May 2026, the ICO said it had secured a £355,880.10 confiscation order against former motor-insurance worker Rizwan Manjra.…
General Motors CCPA settlement: why data minimization is now an enforcement risk
California’s settlement with General Motors shows how CCPA data minimisation is now an enforcement risk. Here’s what the case says…
ICO fines South Staffordshire PLC & South Staffordshire Water £963,900 after phishing-led breach exposed 633,887 people’s data
The ICO fined South Staffordshire £963,900 after a phishing-led cyber attack exposed 633,887 people’s data. What failed, and what managers…
Reddit Fined £14.47m by ICO for Children’s Privacy Failures — 2026
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
Advanced Computer Software Group Fined £3m by ICO for NHS Ransomware Data Breach — 2025
The ICO fined Advanced Computer Software Group £3m for the 2022 NHS ransomware data breach. Learn what this means for…
Reddit Fined £14.47m by ICO for Children’s Privacy Failures — 2026
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
Age Verification Is No Longer Optional: How Regulators Are Raising the Bar
In early 2026, regulators on both sides of the Atlantic fined platforms, blocked laws, and rewrote policy — all focused…
ICO’s Public Sector Approach: Why the Post Office Received a Reprimand Instead of a £1m Fine
In December 2025, the ICO concluded its investigation into a data breach that exposed personal information belonging to 502 victims…
The EU’s First DSA Fine: What X’s €120m Penalty Means for Digital Platform Compliance
On 5 December 2025, the European Commission issued its first-ever fine under the Digital Services Act (DSA). X, formerly Twitter,…
ICO fines Care Home Director for Deleting Data: The Warning Every Manager Should Read
On 3 September 2025, Jason Blake, 56, director of Bridlington Lodge Care Home in Yorkshire, was ordered to pay £1,100…
Canal+ fined €600k for GDPR breaches including failure to report data breach
French broadcasting company Groupe Canal+ was recently fined €600,000 by the French data protection authority (CNIL) for multiple violations of the EU’s…
Royal Mail fined £20,000 under PECR for marketing automation gone wrong
This case tells us that it is important to continually review the potential impact of human error or technical error…
The Biggest GDPR Fines So Far (2026)
UK GDPR and EU GDPR have introduced some stiff penalties for poor data protection practices.
What the marketing team at Virgin Media got wrong about PECR
The ICO’s recent enforcement action against Virgin Media shows us that some marketers are still failing to understand the ICO’s…
Europe data privacy decisions round-up August 2021
The High Court of England and Wales held that controllers and processors outside of the EU that nominate a representative…
Most ironic PECR fine yet as firm selling nuisance call blocker fined under TPS rules
The Information Commissioner's Office (ICO), in the United Kingdom, has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493…
ICO fines protein e-commerce company Muscle Foods Limited for sending millions of marketing messages without valid consent
The ICO’s investigation found that Muscle Food’s had contravened Regulation 22 of PECR.
ICO fines “Digital Growth Experts Ltd” £60,000 for sending thousands of nuisance marketing texts during coronavirus pandemic
During their investigation the ICO found that Digital Growth Experts Ltd had breached regulations 22 and 23 of PECR.
Security firm fined under GDPR after employee used WhatsApp to transfer personal information
On the 10th July 2020, the AEPD – Spain’s data protection authority initiated a sanctioning procedure to fine the Barcelona…