Read our Impact Assessment Framework consultation summary
The ICO is consulting on our draft Impact Assessment Framework, which sets out our approach to impact assessments (IAs), when we will and won't produce IAs, what we plan to include in IAs, and how they fit into our wider policy-making process.
One of the ICO's obligations is to protect the fundamental rights and freedoms associated with personal data. Recital 4 of the General Data Protection Regulation (GDPR) makes clear that the right to the protection of personal data is not absolute, and must be balanced against other rights and freedoms in a proportionate manner. As a result, the ICO must take into account the freedom to conduct a business when carrying out its work. This is particularly relevant given the central role of personal data and personal data flows in the global economy, and the increased scale of personal data collection and sharing driven by technological progress.
IAs are a key way in which regulators balance different obligations and objectives, and ensure that regulatory action is both proportionate to the issue at hand and not unduly burdensome on the businesses that they regulate.
This draft framework guidance sets out our approach to using IAs in our decision-making, as part of our commitment to regulatory good practice and providing regulatory certainty. We are keen to hear your views on the Framework.
- Do you agree with the overall approach of this draft Impact Assessment Framework?
- Are you satisfied with the criteria and circumstances when we will and won't produce impact assessments?
- Do you have any views on the policy-making, consultation, and publication aspects of the Framework?
- Do you have any other comments on the Framework?
We will take account of views received to inform finalisation of the Framework.