The UK data protection watchdog, the Information Commissioner’s Office (ICO), has published a Data Protection Regulatory Action Policy, setting out factors the ICO will consider when deciding whether to initiate enforcement action and what form it should take. The policy should assist organisations with understanding the enforcement process and the risks of non-compliance with the