UK GDPRGovernment

Metropolitan Police Service

Data Subject Rights

Authority

ICO

Country

United Kingdom

Date Issued

March 1, 2023

Industry

Government

Summary

The Metropolitan Police Service failed to implement adequate controls to prevent unauthorized uploading, amendment, or deletion of sensitive criminal records in the Police National Database, a systemic issue that persisted undetected for an extended period. The organization had not developed automated verification systems despite the database being operational since 2011, creating significant risk of data integrity compromise.

Violation Types

Data Subject RightsSecurityData Retention

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert