Data protection fining
Guidance explaining when penalty notices may be issued under UK GDPR, DPA 2018, and how fines are determined for non-compliance.
Documents
Details
The Information Commissioner enforces the UK GDPR and Data Protection Act 2018 (DPA 2018).
This document explains when penalty notices can be issued, such as for breaking data protection laws or failing to follow notices like enforcement or assessment notices. It also explains how fines are calculated.
Published under Section 160 of the DPA 2018, this guidance replaces the 2018 Regulatory Action Policy and provides clear rules for issuing penalties and setting fine amounts.
This document is also available on The Information Commissioner’s Office website.