ICO Enforcement Actions

Information Commissioner's Office enforcement actions — monetary penalties, enforcement notices, reprimands, and undertakings for data protection and FOI failures.

211

Total Actions

Monetary Penalties

£51,139,873

Total Fines (£)

Actions by Type

Key Insights

The ICO has taken 211 enforcement actions tracked here, including 58 monetary penalties and 100 reprimands. Total fines: £51,139,873.

Public bodies subject to ICO enforcement — NHS trusts, police forces, councils — can be cross-referenced with their inquiry recommendation delivery records to surface patterns between governance failures and accountability gaps.

Showing 211 actions

Grindr LLC

Reprimand grindr-llc

The ICO deemed that Grindr has failed to provide effective and transparent privacy information to its UK data subjects in relation to the processing of their personal data.

26 Jul 2022 ICO

Direct Clothing Co. (UK) Limited

Reprimand General business direct-clothing-co-uk-limited

On 19 August 2021, Direct Clothing Co. (UK) Limited (DCCUK) were contacted by a customer who advised that their payment card had been defrauded after using DCCUK’s website. An investigation …

18 Jul 2022 ICO

Department of Health and Social Care

Reprimand UK GDPR Central government department-of-health-and-social-care

The ICO has issued the DHSC with a reprimand in relation to data protection compliance matters under the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UKGDPR) …

11 Jul 2022 Department of Health and Social Care ICO

Allied Health Professionals

Reprimand allied-health-professionals

Allied Health Professionals have been issued with a reprimand for accidentally making data accessible to health care providers when data subjects had not given consent for this data to be …

29 Jun 2022 Environment Agency ICO

Bolton at Home

Reprimand bolton-at-home

Bolton at Home has been issued with a reprimand for the inappropriate disclosure of personal data.

07 Jun 2022 Office of Manpower Economics ICO

Warrington and Halton Hospitals NHS Foundation Trust

Reprimand warrington-and-halton-hospitals-nhs-foundation-trust

An appointments administrator uploaded a patient’s urgent referral form to the wrong patient’s notes.

17 May 2022 Defence Academy of the United Kingdom ICO

Epsom and St Helier University Hospitals NHS Trust

Reprimand Health epsom-and-st-helier-university-hospitals-nhs-trust

incorrect test result data was passed by Epsom & St Helier University Hospitals NHS Trust (the Trust) to Public Health England (PHE) resulting in individuals erroneously being contacted via the …

07 Apr 2022 Epsom and St Helier University Hospitals NHS Trust ICO

North Yorkshire County Council

Reprimand Local government north-yorkshire-county-council

An NYCC employee failed to accurately complete the print to post process and as a result two envelopes containing multiple letters were sent to two different recipients.

07 Apr 2022 North Yorkshire County Council ICO

Chief Constable of North Yorkshire Police

Reprimand Data Protection Act 2018 Criminal justice chief-constable-of-north-yorkshire-police

North Yorkshire Police has been issued with a reprimand in accordance with Schedule 13 (2) of the DPA 2018.

02 Mar 2022 British Library ICO

NHS National Services Scotland (NHS NSS)

Reprimand Health nhs-national-services-scotland-nhs-nss

NHS National Services Scotland (NHS NSS) has been issued with a reprimand in accordance with Article 58(2)(b) of the UK General Data Protection Regulation.

24 Feb 2022 Committee on Toxicity of Chemicals in Food, Consumer Products and the Environment ICO

Welsh Language Commissioner

Reprimand Regulators welsh-language-commissioner

The ICO have decided to issue the WLC with a reprimand in accordance with Article 58(2)(b) of the General Data Protection Regulation.

22 Jan 2022 Welsh Language Commissioner ICO