Explore the actions taken by the UK privacy regulator for infringements of privacy laws during 2018
were issued in total
value of fines
increase in fines since 2017
of fines for marketing infringements
In our fifth annual UK Privacy and Security Enforcement Tracker, we review the key actions which the Information Commissioner’s Office (ICO), the UK privacy regulator, has taken for infringements of privacy laws during 2018.
In our UK interactive tool, we’ve merged the 2018 data with that captured in 2017, allowing you to explore the combined data or choose a specific year. Use the tool to explore the main reasons why fines have been imposed in the UK; understand the industry sectors most impacted and even take a look at the geographic spread of enforcements.
The full 2018 report can be downloaded below.
As at 15 May 2019, the ICO’s ‘Action we’ve taken’ website page showed that the regulator took a total of 67 enforcement actions during the 2018 calendar year. These included:
The fines issued related mainly to activity which took place prior to the GDPR implementation date of 25 May 2018 and none exceeded the upper fine limit of £500,000 possible under the Act. Though the number of enforcement actions in 2018 was 35% lower than in 2017, the cumulative value of fines still grew by £2.5m. The 2018 enforcements also revealed some interesting details:
Use our interactive tool below to explore the UK data by breach type or by industry sector, and by year. As well as key statistics relating to the actions taken, you can also click on the reasons behind each enforcement to reveal detailed summaries for each breach. Please note that if there are no entries for your specific data selection, the filters will reset.
"As well as looking at how to improve their levels of legal compliance, I would encourage organisations to focus on how good approaches to the handling of personal data can help them to deliver on their business purpose, to help and sustain the creation of long term value and trust."