This category examines notable fines imposed on organisations for data protection violations. Our expert analysis helps you understand the reasons behind these penalties and provides valuable insights to help your organisation avoid a similar fate.
The ICO fined South Staffordshire £963,900 after a phishing-led cyber attack exposed 633,887 people’s data. What failed, and what managers…
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
The ICO fined Advanced Computer Software Group £3m for the 2022 NHS ransomware data breach. Learn what this means for…
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
In early 2026, regulators on both sides of the Atlantic fined platforms, blocked laws, and rewrote policy — all focused…
In December 2025, the ICO concluded its investigation into a data breach that exposed personal information belonging to 502 victims…
On 5 December 2025, the European Commission issued its first-ever fine under the Digital Services Act (DSA). X, formerly Twitter,…
On 3 September 2025, Jason Blake, 56, director of Bridlington Lodge Care Home in Yorkshire, was ordered to pay £1,100…
French broadcasting company Groupe Canal+ was recently fined €600,000 by the French data protection authority (CNIL) for multiple violations of the EU’s…
This case tells us that it is important to continually review the potential impact of human error or technical error…
UK GDPR and EU GDPR have introduced some stiff penalties for poor data protection practices.
The ICO’s recent enforcement action against Virgin Media shows us that some marketers are still failing to understand the ICO’s…
The High Court of England and Wales held that controllers and processors outside of the EU that nominate a representative…
The Information Commissioner's Office (ICO), in the United Kingdom, has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493…
The ICO’s investigation found that Muscle Food’s had contravened Regulation 22 of PECR.
During their investigation the ICO found that Digital Growth Experts Ltd had breached regulations 22 and 23 of PECR.
On the 10th July 2020, the AEPD – Spain’s data protection authority initiated a sanctioning procedure to fine the Barcelona…
If you have old contacts sitting around in your CRM or email marketing software, now is the time to delete…
On 6 August 2020, the AEPD (Spain’s data authority) decided to fine Grow Beats SL, an e-commerce company that targets…
On the 4th March 2020 the ICO reported that they will fine Hong-Kong based airline Cathay Pacific £500,000 for failing…
