CAPITA PLC – €9,180,000 Fine (United Kingdom, 2025)

€9,180,000Information Commissioner's Office15 October 2025United Kingdom
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The UK DPA has imposed a fine of £ 8,000,000 (EUR 9,180,000) on CAPITA PLC. CAPITA PLC acts as the data controller for the CAPITA Group, which has suffered a cyber attack. The controller failed to implement adeqaute technical and organisational measures to ensure data security and also failed to adequatly react to the incident.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) UK GDPR
Art. 32(1) GDPR
View original scraped data
Art. 5(1)(f) UK GDPR
Art. 32(1) GDPR
(2) UK GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
articles corrected
national law identified
United Kingdom enforcementInformation Commissioner's Office actionsAll CAPITA PLC actions
Full Legal Summary

The UK DPA has imposed a fine of £ 8,000,000 (EUR 9,180,000) on CAPITA PLC. CAPITA PLC acts as the data controller for the CAPITA Group, which has suffered a cyber attack. The controller failed to implement adeqaute technical and organisational measures to ensure data security and also failed to adequatly react to the incident.

Related Enforcement Actions (0)

No other enforcement actions found for CAPITA PLC in UK

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

15 October 2025

Authority

Information Commissioner's Office

Fine Amount

€9,180,000

Enforcement Tracker ID

ETid-2898

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. CAPITA PLC - United Kingdom (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: