United Kingdom
Birthlink
20,725 €
GDPR enforcement action by Information Commissioner (ICO) on 2025-06-24.
Rank · Sector
#24
of 351 in Individuals and Private Associations
Rank · United Kingdom
#25
of 28
Rank · All fines
#1,011
of 3,042
Case details
- Authority
- Information Commissioner (ICO)
- Date
- 2025-06-24
- Controller / Processor
- Birthlink
- Sector
- Individuals and Private Associations
- Quoted Articles
- Art. 5 (1) f), (2) GDPR, Art. 32 (1), (2) GDPR, Art. 33 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The UK DPA has imposed a fine of £ 18,000 (EUR 20,725) on Birthlink. The controller, a scottish registered charity, failed to implement sufficient technical and organisational measures to ensure data security, resulting in the loss of irreplaceable personal records.
Open original source
Links to the regulator's original publication or another source.
Related fines
United Kingdom
2020-10-16
22,046,000 €
ETid-58
British Airways
Transportation and Energy
United Kingdom
2020-10-30
20,450,000 €
ETid-60
Marriott International, Inc
Accomodation and Hospitality
United Kingdom
2026-02-23
16,610,000 €
ETid-3074
Reddit, Inc.
Media, Telecoms and Broadcasting
United Kingdom
2023-04-04
14,500,000 €
ETid-1730
TikTok
Media, Telecoms and Broadcasting
United Kingdom
2025-10-15
9,180,000 €
ETid-2898
CAPITA PLC
Industry and Commerce
United Kingdom
2022-05-18
9,000,000 €
ETid-1190
Clearview Al Inc.
Industry and Commerce