Towards GDPR - The ICO's History of Protecting our Rights in the UK

As we approach 'go-live' for GDPR and a new era of data rights for EU Citizens and being data nerds we wanted to take a look at the landscape of ICO enforcement under the current regulations and rights in the UK. 

To this end we first took a look at the ICO's monetary penalties data set ( on inspection and in email communication with the ICO it was noted that this file is not as regularly updated as the enforcment action page ( The enforcement action page also includes the other types of enforcements undertaken by the ICO. To capture the data into a format for charting we wrote a python script to process the page into a CSV from which we then loaded into Tableau dashboard and uploaded to Tableau Public to make it accessible to anyone interested in looking at the data. 

This is very much the first iteration of this visualisation and we plan to update on weekly basis.

A couple of notes on the data:

  • Attempts have been made to mask person names even though the data has come from  the ICO's website.

  • The aggregate fines is calculated by pulling the numbers out of the description. An official source of just 'Monetary Penalties' can be found on the ICO website though is not updated as regularly as the notifications.

  • Sectors missing from the data have been infilled with 'Missing.

  • There are duplicate records in the source sometimes as a result of variations in company names, sometimes as a result of duplicate 'type's