Google has been given 35 days to delete any remaining data it "mistakenly collected" while taking pictures for its Street View service, or face criminal proceedings.
But the UK Information Commissioner's Office did not impose a fine.
Its investigation into Google reopened last year after further revelations about the data taken from wi-fi networks.
During that inquiry, additional discs containing private data were found.
Google had previously pledged to destroy all data it had collected, but admitted last year that it had "accidentally" retained the additional discs.
The ICO has told the search giant it must inform it if any further discs of information are discovered.
'Serious lack of oversight'
"Today's enforcement notice strengthens the action already taken by our office, placing a legal requirement on Google to delete the remaining payload data identified last year within the next 35 days and immediately inform the ICO if any further discs are found," said Stephen Eckersley, the office's head of enforcement.
"Failure to abide by the notice will be considered as contempt of court, which is a criminal offence."
However, unlike authorities in the US, the ICO said it would not be issuing a fine.
"The detriment caused to individuals by this breach fails to meet the level required to issue a monetary penalty," it said.
It concluded that the collection of the data in 2010 was due to "procedural failings and a serious lack of management oversight", but agreed with Google's assertion that the company did not order the actions at a corporate level.
In a statement on Friday, Google said: "We work hard to get privacy right at Google.
"But in this case we didn't, which is why we quickly tightened up our systems to address the issue. The project leaders never wanted this data, and didn't use it or even look at it.
"We co-operated fully with the ICO throughout its investigation, and having received its order this morning we are proceeding with our plan to delete the data."
'Impeded and delayed'
Inquiries into Google's data gathering began in 2010 when it emerged an engineer had written software code to gather information from unsecured wi-fi networks.
Cars taking pictures for the company's massively popular Street View service were used to capture the information.
The company was fined by $25,000 (£15,700) by the US Federal Communications Commission in April last year.
The FCC levelled heavy criticism at the company, saying it had "deliberately impeded and delayed" the investigation for months.
Its investigation found that data had been discovered in 30 countries, and included "complete email messages, email headings, instant messages and their content, logging-in credentials, medical listings and legal infractions, information in relation to online dating and visits to pornographic sites".
'Setting a precedent'
The engineer told the FCC that at least two other Google employees, one a senior manager, knew about the data gathering.
Nick Pickles, director of the privacy campaigners Big Brother Watch, criticised the ICO decision.
"People will rightly look at the UK's approach to this issue and ask why, given regulators in the US and Germany have fined Google for exactly the same infringement, it is being allowed to escape with a slap on the wrist in Britain.
"Is our privacy somehow less worthy of protection?"