The Information Commissioner’s Office (ICO)
The Information Commissioner’s Office (ICO)

The following Dispute Resolution guidance note provides comprehensive and up to date legal information covering:

  • The Information Commissioner’s Office (ICO)
  • What is the Information Commissioner’s Office?
  • Legislative framework underpinning ICO’s regulatory activity
  • Remit
  • Regulatory activity
  • Complaining to the ICO
  • Sanctions—data protection
  • Sanctions—freedom of information and environmental information
  • Sanctions—privacy and electronic communications regulations
  • Sanctions—NIS Regulations
  • more

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

The Information Commissioner’s Office (ICO) is the UK’s independent regulator designed to uphold information rights, specifically data protection, electronic communications and freedom of information. This practice note sets out the ICO’s remit, its legislative framework, the complaints procedure and the sanctions available.

What is the Information Commissioner’s Office?

The ICO is a non-governmental body sponsored by the Department for Digital, Culture, Media & Sport (DCMS). The ICO is responsible for the regulation of freedom of information and protection of personal data. Its mission is to uphold information rights in the public interest by offering guidance to citizens and organisations, rulings on eligible complaints,