// Compliance & Operations — UK 2026
AUDITD

We help small UK businesses in recruitment, healthcare staffing, and HR fix their backend operations, close compliance gaps, and stay audit-ready — without the jargon or panic.

GDPR
CQC Readiness
Audit Prep
Workflow
Onboarding
Data Organisation
£17.5M Max UK GDPR fine (2026)
9,000 CQC assessments by Sept 2026
£52 ICO registration — non-negotiable
  • Data (Use & Access) Act 2025 now in force — PECR fines raised to £17.5M
  • ICO: UK GDPR applies to ALL businesses regardless of size
  • CQC targeting 9,000 assessments by September 2026
  • Capita fined £14M in 2025 — largest ICO settlement ever
  • Staines Health Group reprimanded for exposing 23 years of patient records
  • Training gaps cited in multiple ICO enforcement actions 2024–2026
  • DPP Law fined £60K after ransomware exfiltrated 32.4GB of data
  • CQC: documentation failures remain #1 reason for Inadequate ratings
01 — The risk is real
The compliance landscape changed in 2026.
The Data (Use and Access) Act 2025 came into force on 5 February 2026. PECR fines are now aligned with UK GDPR — up from £500k to £17.5 million. The ICO is actively enforcing. CQC has committed to its highest assessment volume in years.

Most small businesses in recruitment, HR, and healthcare are not ready. That's where we come in.
Maximum PECR Fine
Raised from £500k to £17.5M under the Data (Use and Access) Act 2025, in force Feb 2026. Applies to any UK business running outbound marketing.
Source: Data (Use & Access) Act 2025
Capita ICO Settlement
Largest ICO fine ever issued in 2025 — reduced from £45M for early settlement. Root cause: a 58-hour delay in containing a breach affecting 6.6 million people.
Source: ICO Enforcement 2025
CQC Assessments
CQC has committed to completing 9,000 assessments by September 2026 under political pressure following the Penny Dash review. If your last inspection was pre-2023, you are in scope.
Source: CQC 2025/26 Business Plan
ICO Registration Fee
Mandatory for any organisation processing personal data. Tier 1 organisations (under 10 staff or under £632k turnover) pay £52/year. Non-compliance is a criminal offence.
Source: ICO Registration 2026
DPP Law Ltd Fine
A legal SME fined £60,000 in April 2025 after a ransomware attack exfiltrated 32.4GB of sensitive data. Inadequate security controls were cited as the primary failure.
Source: ICO Enforcement April 2025
HSE Fines — April 2025
The Health and Safety Executive issued nearly £11 million in fines in a single month in April 2025 as healthcare enforcement intensified across the sector.
Source: HSE Enforcement Data 2025
02 — Real fines. Real businesses.
It's not just the big names.
ICO · PECR · 2024
£150,000
Poxell Ltd
Fined for making 2.6 million unlawful marketing calls in breach of PECR Regulation 21. The company had no valid consent processes in place and no DPA with their data provider.
January 2024
ICO · PECR · 2024
£100,000
Skean Homes Ltd
Fined £100,000 for 600,000 unlawful marketing calls made under various business aliases. Operating under multiple names did not reduce liability.
January 2024
ICO · PECR · 2024
£50,000
LADH Limited
Fined for sending 31,329 unsolicited SMS messages without lawful basis under PECR Regulation 22. Small number of messages, still a significant fine.
Late 2024
ICO · UK GDPR · 2025
£60,000
DPP Law Ltd
Legal SME fined after ransomware attack exfiltrated 32.4GB of sensitive client data. ICO cited inadequate technical and organisational measures as the core failure.
April 2025
ICO · UK GDPR · 2025
Reprimand
Staines Health Group
Healthcare provider disclosed 23 years of patient records to an insurer when only 5 years were requested. Root cause: no clear disclosure process and no structured staff training.
2025
ICO · UK GDPR · 2025
£14,000,000
Capita plc
Largest ever ICO settlement. 6.6 million people affected. The failure? A 58-hour delay in quarantining a compromised device. Basic incident response, not in place.
October 2025
03 — What we do
We fix what's broken.

Practical, hands-on backend support. No consultancy jargon. No overcomplicated frameworks. We assess the gaps, implement working systems, and keep you compliant. Recruitment. Healthcare. HR. Care.

01
Compliance & Audit Readiness
From £200
02
GDPR & Data Organisation
From £400
03
Recruitment Workflow Setup
From £400
04
Staff Onboarding Systems
Project
05
Workflow Automation
Project
06
Monthly Retainer Support
From £250/mo
04 — Who we work with
Built for your sector.
Recruitment Agencies
  • Candidate data & GDPR
  • Right-to-work audit trails
  • Onboarding workflows
  • File management systems
🏥
Healthcare Staffing
  • CQC readiness
  • DBS tracking systems
  • Compliance documentation
  • Incident reporting
🏠
Care Homes
  • Staff file organisation
  • Audit trail creation
  • CQC inspection prep
  • Policy documentation
📋
HR Consultancies
  • Client data handling
  • GDPR implementation
  • Process documentation
  • Digital workspace setup
Don't wait for an audit to find out.

We're currently taking on a small number of early clients. If you're in recruitment, healthcare, or HR and your backend is a mess — we want to talk.

hello@auditd.co.uk