Charities excluded from UK privacy regulator’s enforcement of public sector

( November 11, 2025, 10:55 GMT | Official Statement) -- MLex Summary: Charities and social enterprises are not subject to the UK privacy regulator’s bespoke approach to enforcing organizations in the public sector. The Information Commissioner’s Office on Tuesday issued updated guidance confirming that only “public authorities” and “public bodies” fall within scope. The revised policy clarifies when fines may be issued, setting out for the first time what makes a breach “egregious,” including harm, intent and repeat infringements. The approach, which limits fines to the most serious cases, will continue to apply across the public sector, with the ICO prioritizing warnings, reprimands and enforcement notices instead.Statement follows. Documents attached....

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

Charities excluded from UK privacy regulator’s enforcement of public sector

Prepare for tomorrow’s regulatory change, today

Documents

Related Sections