ICO enforcement—database
ICO enforcement—database

The following Dispute Resolution guidance note provides comprehensive and up to date legal information covering:

  • ICO enforcement—database
  • Database notes
  • Regulatory and enforcement action by the Information Commissioner
  • Enforcement action under the GDPR and Data Protection Act 2018
  • ICO regulatory action policy
  • Monitoring enforcement and compliance trends

This database sets out details of recent enforcement actions taken by the Information Commissioner's Office (ICO). It is accessible by clicking on the link below:

ICO enforcement—database

Database notes

The database is separated into four sections:

  1. enforcement notices

  2. undertakings

  3. monetary penalties

  4. prosecutions

In each section:

  1. the first column of each section of the database lists the data controller/person concerned with a link to the underlying notice, decision or undertaking, where available from the ICO website

  2. the second and third columns set out the sector concerned and a summary of the decision

  3. the remaining columns provide further details including the date, the provision contravened, the nature of the contravention and the amount of any penalty, fine or costs (as applicable)

If any of the cells are blank, this indicates that the information was not provided in the relevant notice. Further details of enforcement action taken by the Information Commissioner are available on the ICO website.

Regulatory and enforcement action by the Information Commissioner

The Information Commissioner has a range of powers to take regulatory action and impose sanctions for breach of relevant data protection and information laws including, among others:

  1. General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR)

  2. Data Protection Act 2018 (DPA 2018) (and Data Protection Act 1998 (DPA 1998), repealed subject to transitional provisions)

  3. Privacy and Electronic Communications (EC Directive) Regulations