Guide

Comply with data protection legislation

Role of the Information Commissioner's Office

The Information Commissioner's Office (ICO) is a UK independent public body responsible for upholding information rights and data privacy.

ICO and data protection

Under the requirements of the Data Protection Act, businesses and organisations that handle personal data must register with the ICO as data controllers, unless they're exempt.

Failure to register and notify the ICO about the data your business holds is a criminal offence. Find out more about notifying the ICO about personal information.

There are currently more than 400,000 registered data controllers. The ICO maintains a data protection public register where they publish the name and address of these data controllers, as well as a description of the kind of processing they do. You can search the ICO's register online.

Important: Data controllers will be subject to more stringent rules under the new General Data Protection Regulation (GDPR), due to come into force on 25 May 2018. The GDPR will also place new obligations on the 'data processors'. Find out what's changing and how to prepare your business for the GDPR.

ICO and other legislation

In addition to the data protection legislation, the ICO also enforces and oversees:

Find out more about the role of the ICO.