Data Protection Penalties

All UK organisations must comply with the Data Protection Act (DPA). If your organisation is found to be in breach of the DPA, you not only risk loss of business and brand damage but could also be subject to a penalty from the UK Information Commissioner's Office (ICO).

Amongst its powers, the ICO can prosecute and issue fines of up to £500,000 and undertake proceedings that can lead to prison sentences.

This page explains the different data protection penalties and how they can be prevented.

DPA Penalties And The ICO

The ICO has several options when it finds an organisation in breach of the Data Protection Act:

  • Monetary penalty notices: Fines of up to £500,000 for serious breaches of the DPA.
  • Prosecutions and possible prison sentences for deliberate acts of breaching the DPA.
  • Undertakings: Organisations have to commit to a particular course of action to improve their compliance and avoid further action from the ICO.
  • Enforcement notices: Organisations in breach of legislation are required to take specific steps in order to comply with the law.
  • Audit: The ICO has the authority to audit government departments without consent.

Monetary penalty notices

In April 2010 the ICO was granted the power to issue fines of up to £500,000 for serious DPA breaches. As the ICO clamps down on more and more organisations, the number and value of fines issued have rocketed:

  • 2010: two fines totalling £160,000
  • 2011: seven fines totalling £541,100
  • 2012: 17 fines totalling £2,143,000
  • 2013 (to August): nine fines totalling £1,120,000
  • 2013 (full-year total): £1,520,000
  • 2014 (up to and including June): £485,000

You can read all about the latest fines on the ICO's website.

Breaching the DPA

In November 2012, the ICO fined Prudential £50,000 for breaching the DPA. This was significant because it was the first time the ICO had fined an organisation not for losing data but for using it incorrectly. Complying with the DPA is not just about confidentiality; it is also about the integrity and availability of that information.

Learn more about the DPA's requirements here.

So what can constitute a breach of the DPA? Here are some examples, as reported by the ICO:

  • Sending spam texts
  • Sending information to the wrong recipient
  • Confusing customer records
  • Failure to encrypt sensitive information
  • Loss of paper records
  • Not disposing of records correctly

Solutions To DPA Compliance

As compliance specialists we have been helping organisations achieve and maintain DPA compliance for over 10 years. We recommend that organisations follow this standard approach to achieving DPA compliance:

  • Understand what the DPA is and how it affects your business
  • Identify your current level of conformance to the DPA
  • Identify gaps and steps to achieve compliance
  • Document your DPA policies
  • Understand how to react if you suffer a data breach
  • Initiate DPA staff training


We have developed and sourced many products which will help any organisation meet the requirements of the DPA, whatever stage it may have reached in its compliance project:

The Data Protection Act Foundation Course is a logical place for any organisation to start. This one-day course provides an overview of the DPA, after which delegates will understand what is required for their organisation to become compliant.

The DPA Compliance Toolkit contains all the document templates and tools that are essential for achieving compliance. The toolkit also includes guidance on how to complete these templates and what to do to ensure on-going compliance.

The DPA Compliance with BS 10012 Toolkit provides templates and model documents for those implementing a Personal Information Management System (PIMS) according to British Standard BS 10012.

We also provide a comprehensive DPA bookstore. These titles have been deemed most useful by our customers:
