UK GDPR enforcement by the Information Commissioner’s Office—tracker

Copyright © 2025 LexisNexis
Published by a LexisNexis Information Law expert
Practice notes
Data Protection Toolkit

UK GDPR enforcement by the Information Commissioner’s Office—tracker

Copyright © 2025 LexisNexis

Published by a LexisNexis Information Law expert

Practice notes
Data Protection Toolkit
imgtext

This Practice Note tracks Enforcement actions in the UK by the UK Information Commissioner’s Office (ICO) under:

  1. the EU’s General Data protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime (applicable under UK law until the end of the Brexit implementation period at 11 pm UK time on 31 December 2020), and

  2. the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) regime (applicable under UK law from the end of the Brexit implementation period on 31 December 2020)

Assimilated law is the name given to retained EU law which remains in force after the end of 2023. For information about the background to the UK GDPR and its relationship with the EU GDPR, see Practice Note: The UK General Data Protection Regulation (UK GDPR)—Summary of key legislation.

Entries may adopt common data protection abbreviations such as DPIA (for data protection impact assessment) and DSAR (data subject access request)—for an introduction to the area and to key terms, see Practice Notes: Data protection law—new starter guide

Powered by Lexis+®
Jurisdiction(s):
United Kingdom and Ireland
Related legal acts:
Key definition:
Enforcement definition
What does Enforcement mean?

The action of compelling a party to comply with a judgment where it has not been complied with voluntarily and the time ordered for compliance has expired.

Read more readmore

Popular documents

What are the differences between joint controllers and controllers in common under the GDPR? What is the

What are the differences between joint controllers and controllers in common under the GDPR? What is the difference in liability if a party is a joint controller with another, compared to where the parties are controllers in common?(1) What are the differences between joint controllers and

Profiling and automated decision-making

Profiling and automated decision-makingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January 2024,

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing and sharingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European

If planning permission imposes restrictions on a licensed premises opening hours, once operational can

If planning permission imposes restrictions on a licensed premises opening hours, once operational can the personal licence holder apply for a Temporary Events Notice (TEN) to open for longer hours than those permitted in the planning permission?To use any property for a licensable activity both