Skip to content Skip to footer

Loading Results

UK Privacy and Security Enforcement Tracker

Explore the actions taken by the UK privacy regulator for infringements of privacy laws during 2018


In our fifth annual UK Privacy and Security Enforcement Tracker, we review the key actions which the Information Commissioner’s Office (ICO), the UK privacy regulator, has taken for infringements of privacy laws during 2018.

In our UK interactive tool, we’ve merged the 2018 data with that captured in 2017, allowing you to explore the combined data or choose a specific year. Use the tool to explore the main reasons why fines have been imposed in the UK; understand the industry sectors most impacted and even take a look at the geographic spread of enforcements.

The full 2018 report can be downloaded below. 

UK findings

As at 15 May 2019, the ICO’s ‘Action we’ve taken’ website page showed that the regulator took a total of 67 enforcement actions during the 2018 calendar year. These included:

  • 16 Enforcement Notices which required the organisations to take (or refrain from taking) specified steps in order to ensure they comply with the law.
  • 41 Monetary Penalty Notices (MPNs) resulting in organisations paying a fine - the more serious the breach, the higher the fine.
  • 6 Prosecutions against those who committed a criminal offence under the Data Protection Act 1998 (the Act) through the Court system.
  • 4 Undertakings which committed the organisations to a particular course of action in order to improve their compliance.

The fines issued related mainly to activity which took place prior to the GDPR implementation date of 25 May 2018 and none exceeded the upper fine limit of £500,000 possible under the Act. Though the number of enforcement actions in 2018 was 35% lower than in 2017, the cumulative value of fines still grew by £2.5m. The 2018 enforcements also revealed some interesting details:

  • A new infringement of Non-payment of the data protection fee, with the ICO issuing three bulk MPNs to companies in the manufacturing, finance and business industry sectors.
  • Marketing accounted for half of all the ICO’s enforcement actions with 64% due to telephone marketing.
  • A staggering total of 292 million people were impacted by the 67 breaches.

Use our interactive tool below to explore the UK data by breach type or by industry sector, and by year. As well as key statistics relating to the actions taken, you can also click on the reasons behind each enforcement to reveal detailed summaries for each breach. Please note that if there are no entries for your specific data selection, the filters will reset.

"As well as looking at how to improve their levels of legal compliance, I would encourage organisations to focus on how good approaches to the handling of personal data can help them to deliver on their business purpose, to help and sustain the creation of long term value and trust."

Fedelma GoodPwC Director

Global summary

Our 2018 global summary provides a synopsis of key privacy issues and trends in 36 countries - 18 in Europe and 18 in the rest of the world. 

You can access the full 2018 report here.

The 2017 data is still available here

Click here to explore the 2018 global data

Follow us

Contact us

Fedelma Good

Fedelma Good

Director, PwC United Kingdom

Tel: +44 (0)7730 598342