As of February 2025, the largest fine issued for violation of the General Data Protection Regulation (GDPR) in the United Kingdom (UK) was more than 22 million euros, received by British Airways in October 2020. Another fine received by Marriott International Inc. in the same month was the second-highest in the UK and amounted to over 20 million euros.

A survey conducted in April and May 2023 revealed that around 55 percent of the companies that do business in the European Union (EU) and the United Kingdom (UK) found it challenging to adapt to new or changing requirements of the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA). A further 45 percent of the survey respondents said it was challenging to increase the budget because of the changes in the data privacy laws.

A survey conducted in April and May 2023 among companies that do business in the European Union and the United Kingdom (UK) found that over half of the respondents, 53 percent, felt very prepared for the General Data Protection Regulation (GDPR). A further 35 percent of the companies believed they were moderately prepared, while 10 percent said they were slightly ready to comply with the EU and UK privacy legislations.

Between 2018 and 2022, there has been a significant increase in the level of awareness around the General Data Protection Regulation (GDPR) among European users. In 2018, when the GDPR was first applied, the United Kingdom had the highest level of awareness, with 32 percent of respondents agreeing or strongly agreeing with the statement: "I am aware of the new General Data Protection Regulation (GDPR) that will be introduced in May 2018". In 2022, the share of UK respondents agreeing with the statement increased to 73 percent. France had the lowest level of awareness in 2018, 20 percent, whereas in 2022 it reached 47 percent but remained the lowest among other European markets.

BackgroundThe COVID-19 pandemic brought global disruption to health, society and economy, including to the conduct of clinical research. In the European Union (EU), the legal and ethical framework for research is complex and divergent. Many challenges exist in relation to the interplay of the various applicable rules, particularly with respect to compliance with the General Data Protection Regulation (GDPR). This study aimed to gain insights into the experience of key clinical research stakeholders [investigators, ethics committees (ECs), and data protection officers (DPOs)/legal experts working with clinical research sponsors] across the EU and the UK on the main challenges related to data protection in clinical research before and during the pandemic.Materials and methodsThe study consisted of an online survey and follow-up semi-structured interviews. Data collection occurred between April and December 2021. Survey data was analyzed descriptively, and the interviews underwent a framework analysis.Results and conclusionIn total, 191 respondents filled in the survey, of whom fourteen participated in the follow-up interviews. Out of the targeted 28 countries (EU and UK), 25 were represented in the survey. The majority of stakeholders were based in Western Europe. This study empirically elucidated numerous key legal and ethical issues related to GDPR compliance in the context of (cross-border) clinical research. It showed that the lack of legal harmonization remains the biggest challenge in the field, and that it is present not only at the level of the interplay of key EU legislative acts and national implementation of the GDPR, but also when it comes to interpretation at local, regional and institutional levels. Moreover, the role of ECs in data protection was further explored and possible ways forward for its normative delineation were discussed. According to the participants, the pandemic did not bring additional legal challenges. Although practical challenges (for instance, mainly related to the provision of information to patients) were high due to the globally enacted crisis measures, the key problematic issues on (cross-border) health research, interpretations of the legal texts and compliance strategies remained largely the same.

This dataset is a central catalogue of Data Protection Impact Assessments (DPIAs) of smart city projects that collect personal information in public spaces. By publishing this in one place for the first time, it will enable public transparency and support good practice among operators.

A DPIA helps to identify and minimise the risks of a project that uses personal data.

Further information:

DPIA registration form: https://www.london.gov.uk/dpia-register-form

Information Commissioner DPIA: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/

BackgroundThe COVID-19 pandemic brought global disruption to health, society and economy, including to the conduct of clinical research. In the European Union (EU), the legal and ethical framework for research is complex and divergent. Many challenges exist in relation to the interplay of the various applicable rules, particularly with respect to compliance with the General Data Protection Regulation (GDPR). This study aimed to gain insights into the experience of key clinical research stakeholders [investigators, ethics committees (ECs), and data protection officers (DPOs)/legal experts working with clinical research sponsors] across the EU and the UK on the main challenges related to data protection in clinical research before and during the pandemic.Materials and methodsThe study consisted of an online survey and follow-up semi-structured interviews. Data collection occurred between April and December 2021. Survey data was analyzed descriptively, and the interviews underwent a framework analysis.Results and conclusionIn total, 191 respondents filled in the survey, of whom fourteen participated in the follow-up interviews. Out of the targeted 28 countries (EU and UK), 25 were represented in the survey. The majority of stakeholders were based in Western Europe. This study empirically elucidated numerous key legal and ethical issues related to GDPR compliance in the context of (cross-border) clinical research. It showed that the lack of legal harmonization remains the biggest challenge in the field, and that it is present not only at the level of the interplay of key EU legislative acts and national implementation of the GDPR, but also when it comes to interpretation at local, regional and institutional levels. Moreover, the role of ECs in data protection was further explored and possible ways forward for its normative delineation were discussed. According to the participants, the pandemic did not bring additional legal challenges. Although practical challenges (for instance, mainly related to the provision of information to patients) were high due to the globally enacted crisis measures, the key problematic issues on (cross-border) health research, interpretations of the legal texts and compliance strategies remained largely the same.

Since the enforcement of the General Data Protection Regulation (GDPR) in May 2018, fines have been issued for several types of violations. As of February 2025, the most significant share of penalties was due to companies' non-compliance with general data processing principles. This violation has led to over 2.4 billion euros worth of fines.

Reasons for data donation subscale correlations, and means, standard deviations and Cronbach’s Alpha for subscales of Reasons for Data Donation.

If you want to give feedback on this dataset, or wish to request it in another form (e.g csv), please fill out this survey here. We are a not-for-profit research organisation keen to see how others use our open models and tools, so all feedback is appreciated! It's a short form that takes 5 minutes to complete.

Important Note: Before downloading this dataset, please read the License and Software Attribution section at the bottom.

This dataset aligns with the work published in Centre for Net Zero's report "Hitting the Target". In this work, we simulate a range of interventions to model the situations in which we believe the UK will meet its 600,000 heat pump installation per year target by 2028. For full modelling assumptions and findings, read our report on our website.

The code for running our simulation is open source here.

This dataset contains over 9 million households that have been address matched between Energy Performance Certificates (EPC) data and Price Paid Data (PPD). The code for our address matching is here. Since these datasets are Open Government License (OGL), this dataset is too. We basically model specific columns from various datasets, as set out in our methodology section in our report, to simplify and clean up this dataset for academic use. License information is also available in the appendix of our report above.

The EPC data loaders can be found here (the data is here) and the rest of the schemas and data download locations can be found here.

Note that this dataset is not regularly maintained or updated. It is correct as of January 2022. The data was curated and tested using dbt via this Github repository and would be simple to rerun on the latest data.

The schema / data dictionary for this data can be found here.

Our recommended way of loading this data is in Python. After downloading all "parts" of the dataset to a folder. You can run:

```

import pandas as pd

data = pd.read_parquet("path/to/data/folder/")

```

Licenses and software attribution:

For EPC, PPD and UK House Price Index data:

For the EPC data, we are permitted to republish this providing we mention that all researchers who download this dataset follow these copyright restrictions. We do not explicitly release any Royal Mail address data, instead we use these fields to generate a pseudonymised "address_cluster_id" which reflects a unique combination of the address lines and postcodes, as well as other metadata. When viewing ICO and GDPR guidelines, this still counts as personal data, but we have gone to measures to pseudonymise as much as possible to fulfil our obligations as a data processor. You must read this carefully before downloading the data, and ensure that you are using it for the research purposes as determined by this copyright notice.

Contains HM Land Registry data © Crown copyright and database right 2021. This data is licensed under the Open Government Licence v3.0.

Contains OS data © Crown copyright and database right 2022.

Contains Office for National Statistics data licensed under the Open Government Licence v.3.0.

The OGL v3.0 license states that we are free to:

• copy, publish, distribute and transmit the Information;
• adapt the Information;
• exploit the Information commercially and non-commercially for example, by combining it with other Information, or by including it in your own product or application.

However we must (where we do any of the above):

• acknowledge the source of the Information in your product or application by including or linking to any attribution statement specified by the Information Provider(s) and, where possible, provide a link to this licence;

You can see more information here.

For XOServe Off Gas Postcodes:

This dataset has been released openly for all uses here.

For the address matching:

GNU Parallel: O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014

Correlation of each of the reasons for data donation scales, while partialling out other two scales, with Prosocial Tendencies Measure, Self-Report Altruism Scale and Interpersonal Reactivity Index.

A study conducted among 680 websites in the UK showed that roughly 12 percent of the websites was compliant with the General Data Protection Regulation (GDPR). The consent management platforms (CMP) displayed were in most cases not meeting the requirements of the EU law.

In September 2024, the Irish Data Protection Commission fined Meta Ireland 91 million euros after passwords of social media users were stored in 'plaintext' on Meta's internal systems rather than with cryptographic protection or encryption. In May 2023, the EU fined Meta 1.2 billion euros for violating laws on digital privacy and putting the data of EU citizens at risk through Facebook's EU-U.S. data transfers. European privacy legislation is seen as being far stricter than American privacy law, and the sending of EU citizens’ data to the United States resulted in the record breaking penalty being issued to the tech giant. In January 2023, after it was discovered that Meta Platforms had improperly required that users of Facebook, Instagram, and WhatsApp accept personalized adverts to use the platforms, the company was issued a 390 million euro fine by the European Commission. EU regulators claim that the social media giant broke the General Data Protection Regulation (GDPR) by including the demand in its terms of service. In addition, Meta was fined 405 million euros by the Irish Data Protection Commission (DPC) in September 2022 for violating Instagram's children's privacy settings. In November 2022, the DPC fined Meta a further 265 million euros for failing to protect their users from data scraping. GDPR violations in 2022 Social media sites and companies are not the only types of online services upon which users' data can potentially be compromised. In 2022, the online service with the biggest fine for violating GDPR was e-commerce and digital powerhouse Amazon, which was issued a 746 million euro fine. Furthermore, in December 2021, Google was penalized 90 million euros for GDPR violations. What are the most common GDPR violations? Since GDPR went into effect in May 2018, fines have been imposed for a variety of reasons. As of June 2022, companies' non-compliance with general data processing principles accounted for the largest share of fines, resulting in over 845 million euros worth of penalties. Insufficient legal basis for data processing was the second most common violation, amounting to 447 million euros in fines.

The size of the Cyber Security Insurance in UK Market was valued at USD XX Million in 2023 and is projected to reach USD XXX Million by 2032, with an expected CAGR of 8.00% during the forecast period. Cyber security insurance in the UK market refers to specialized insurance products designed to protect businesses from the financial repercussions of cyberattacks and data breaches. As digital transformation accelerates and cyber threats become increasingly sophisticated, organizations are recognizing the importance of safeguarding their assets and data. Cyber security insurance provides coverage for a range of risks, including data loss, business interruption, cyber extortion, and liability for third-party claims arising from data breaches. The UK cyber insurance market has witnessed significant growth, driven by rising awareness of cyber risks among businesses and the increasing regulatory requirements for data protection, such as the General Data Protection Regulation (GDPR). Insurers offer tailored policies that typically include coverage for incident response costs, legal expenses, regulatory fines, and public relations efforts to mitigate reputational damage after a cyber incident. Moreover, many insurers provide risk management services, helping organizations identify vulnerabilities and implement best practices to enhance their cyber resilience. Recent developments include: September 2023: Cowbell is committed to addressing cyber risk challenges on a global scale, and our expansion into the UK is a testament to this. Cowbell Prime One is tailored towards SME and mid-market customers and allows brokers to customize cyber policies for different risk exposures, such as email scams, ransomware, and social engineering., March 2023: Cyber insurance provider Coalition is set to enter the excess cyber insurance market in the United Kingdom to help protect businesses with enhanced coverage. The firm has confirmed that it will extend its reach to provide full-follow form coverage and protection of up to GBP 10 million (USD 12126000) above a primary layer of insurance from another insurer for both cyber and technology professional indemnity (PI) lines.. Key drivers for this market are: Data Privacy Regulations, Business Interruption. Potential restraints include: Complexity and Lack of Understanding, Cost of Coverage. Notable trends are: Impact of Cyber Insurance Policy Coverage.

Proactive Security Market size was valued at USD 39.82 Billion in 2023 and is projected to reach USD 127.63 Billion by 2031, growing at a CAGR of 15.68% from 2024 to 2031.

Key Market Drivers
Increasing Cyber Threats: The rapid expansion and sophistication of cyber threats such as ransomware, phishing, and state-sponsored attacks necessitates a proactive security strategy. Businesses and governments must implement advanced security measures to detect and mitigate risks before they occur, assuring data integrity and continuity, and therefore, driving market growth.
Compliance and Regulatory Requirements: With the implementation of stringent data protection legislation such as GDPR and CCPA, enterprises are now required to deploy proactive security safeguards. These requirements force enterprises to not only protect sensitive information but also to discover and disclose breaches quickly, making proactive security a legal requirement that drives market development.
Digital Transformation and Cloud Adoption: The shift to digital operations, as well as the increasing usage of cloud services, broadens enterprises’ attack surfaces. Thus, proactive security methods, such as cloud security postures and real-time threat detection, are crucial for protecting digital assets and enabling flawless operations across distributed settings.
Business Continuity and Reputation: In today’s digital age, a single security breach can result in huge financial losses and harm to an organization’s brand. Proactive security measures help to avoid breaches, ensure business continuity, and maintain consumer trust by demonstrating a commitment to data and privacy protection and hence bolsters the market adoption.

During an April 2024 survey carried out among retail and e-commerce advertising decision-makers from the United Kingdom (UK), 84 percent of respondents stated they planned to use Google Analytics 4 (GA4) after the phase-out of third-party cookies in Chrome in 2024. GA4 was ruled uncompliant with the European Union's General Data Protection Regulation (GDPR) in 2022.

One fifth of e-commerce and multichannel retailers in the UK and France saw the EU General Data Protection Regulation (GDPR) as the greatest concern in the future of personalization. Personalization in e-commerce retail was also a technology that retailers were worried they would not understand or keep up with. The changing trends in personalization were also another concern among 18 percent of UK and French retailers.

Compliance specialists are responsible for making sure that a company complies with national and international laws and regulations, as well as professional standards and internal policies. Compliance in financial services is an on-going activity but recent developments around General Data Protection Regulation (GDPR) or Brexit are expected to raise the demand for skilled professionals even higher. In 2020, Product advisory was the highest paying specialty area for mid-level specialists in compliance. Assistant vice president compliance officers who worked in Trade Surveillance in London earned an average salary of between 60 and 90 thousand British pounds per annum.

Compliance specialists are responsible for making sure that a company complies with national and international laws and regulations, as well as professional standards and internal policies. Compliance in financial services is an on-going activity but recent developments around General Data Protection Regulation (GDPR) or Brexit are expected to raise the demand for skilled professionals even higher. In 2019, Central Compliance was the highest paying specialty area for junior specialists in compliance. Officers with two to four years of experience who worked in Central Compliance in London earned an average salary of between 40 and 55 thousand British pounds per annum.