Skip to main content

Fines and complaints

Does the ICO publish actions it takes against companies, even small businesses, and sole traders?

Yes, we almost always publish action we take against companies on our website, regardless of the company’s size.

At its core, data protection is about being open and transparent. That’s what we aim for as a regulator and encourage others to do the same.

Publishing information about when we’ve had to take action against a company or sole trader helps encourage others to learn about data protection and what can happen when it goes wrong. But we consider each situation on a case-by-case basis and only publish action we’ve taken when we think it’s right.

Even though the ICO has the power to take action, most of our work with organisations is focussed on helping them get data protection right. Most of the UK’s SMEs are working hard to comply, despite limited resources, and we’re here to help. If things go wrong, we’ll try to work with your company to decide what improvements we expect from you and provide advice to help you get it right in the future. We also have a dedicated advice line for small organisations in addition to the suite of toolkits, bite-sized guides, and other tailored resources available on our data protection hub for small organisations.

Will the ICO always issue a fine if an organisation gets something wrong?

No. Fines aren’t suitable for every breach.

Our fines and penalties may grab the headlines, but we know that our work with organisations, helping you to make changes and improvements to comply with the law, is the most effective way of reducing mistakes and misuse of people’s data.

We’re here to help you get data protection right, through our events and our support and advice services.

If things go wrong, we want to work with you to decide what improvements we expect from you and provide advice to help you get it right in the future.