Back to Explorer
UK GDPRGovernmentHigh Severity

The Electoral Commission

Security

Authority

ICO

Country

United Kingdom

Date Issued

May 8, 2024

Industry

Government

Summary

The Electoral Commission received a reprimand from the ICO for failing to implement appropriate technical and organizational security measures under UK GDPR Articles 5(1)(f) and 32(1)(b). A data breach affecting approximately 40 million individuals resulted from unpatched software vulnerabilities that allowed unauthorized access to personal data in the Electoral Register between August 2021 and October 2022.

Violation Types

SecurityData BreachRisk Assessment

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

LastPass UK Ltd

ICO · UK GDPR · November 19, 2025

€1M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert