Back to Explorer
UK GDPRFinance

Gain Capital UK Limited

Security

Authority

ICO

Country

United Kingdom

Date Issued

March 9, 2023

Industry

Finance

Summary

Gain Capital UK received a reprimand for failing to implement adequate security measures under Articles 32(1)(b) and 32(2) of UK GDPR after an unpatched software vulnerability allowed unauthorized access to personal data of 72,361 UK data subjects. The company had incorrectly relied on a third-party support contract for security updates when responsibility for patches remained with Gain Capital.

Violation Types

SecurityData BreachProcessor Obligations

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert