It’s been more than two years since the much vaunted launch of the GDPR and in that time we’ve seen the ICO flex its powers with increasingly heavy-duty penalties against high-profile companies here in the UK.

Read on to find out how the numbers compare across different incidents, and how the top fines imposed on UK companies compare to its EU counterparts.



Legal Framework
The GDPR empowers supervisory authorities such as, in the UK, the Information Commissioner’s office (ICO) to impose fines and establish criteria for their assessment. Art. 83 of theGDPR provides that fines should be proportionate and dissuasive. There is hardly any obligation laid down by the GDPR where non-compliance cannot be sanctioned with a fine.
Click here for details of the two tiers of GDPR non-compliance and the associated penalties.