The target of the UK’s first GDPR fine has criticised the Information Commissioner’s Office decision to penalise the company – highlighting that the amount of data affected by an alleged breach was far smaller than the regulator had estimated. Filed under United Kingdom IT & Data Protection Topics Cybersecurity Data privacy Enforcement