Show all guides
Europe
GDPR

UK ICO fines Capita group £14 million following cyber-related UK GDPR failures

Last update:
Nov 18, 2025

The UK Information Commissioner’s Office (ICO) fined two Capita group entities  £14 million for UK GDPR breaches tied to cybersecurity failures. The cyber incidents in question revealed the personal data of millions of customers, including particularly sensitive details. Authorities noted the severe impact on users. 

This is one of the larger ICO cyber-related penalties, even after the initial £58 million fine was reduced following Capita’s settlement with the ICO, the company’s admission of breaches, agreement not to appeal, and other considerations. The decision signals strict enforcement of data protection standards, serving as a reminder that high expectations of cyber resilience are higher than ever.

The full guidelines can be found
here

Related Guides

EU court rejects Meta’s challenge to 'consent or pay' opinion

May 7, 2025

The EU General Court rejected Meta’s attempt to overturn an EDPB opinion, ruling that requiring payment to avoid data tracking violates GDPR principles. The decision reinforces that consent must be freely given and not tied to financial status.
Europe
GDPR

Irish High Court delays operational order to TikTok during appeal

November 12, 2025

Ireland’s High Court allowed TikTok to temporarily continue transferring EU user data to China while it appeals a €530 million GDPR fine imposed by the Irish Data Protection Commission over unlawful cross-border data transfers.
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only