UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident | News & Insights

Blog Posts May 6, 2025

UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to implement appropriate technical and organisational measures, as required by Article 5(1)(f) and Article 32 UK GDPR. This is the […]

The post UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

Blog Posts October 20, 2025

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack

On October 15, 2025, the UK’s Information Commissioner’s Office (ICO) fined Capita plc and Capita Pension Solutions Limited (collectively “Capita”) £14 million (~$18.8 million) for failing to implement adequate security measures to protect the personal data of over ~6.6 million individuals following a ransomware attack by Black Basta. The […]

The post UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

Blog Posts July 2, 2025

UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack

On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty followed a joint investigation with the Office of the Privacy Commissioner of Canada, highlighting how regulators are […]

The post UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

Blog Posts December 21, 2020

UK ICO Publishes New Data Sharing Code

On December 17, 2020, the UK Information Commissioner’s Office (‘ICO’) published its Data Sharing Code of Practice (the ‘Code’) following a public consultation which commenced in 2019. The Code focuses mainly on data sharing among data controllers who are subject to the GDPR and the UK Data Protection Act (‘DPA’) 2018. Data controllers falling within […]

The post UK ICO Publishes New Data Sharing Code appeared first on Alston & Bird Privacy Blog.

General Publications September 28, 2017

The Digital Download - Alston & Bird’s Privacy & Data Security Newsletter - September 28, 2017

A legal update on privacy, data security, and all things cyber by the attorneys of Alston & Bird.