The ICO exists to empower you through information.

About this detailed guidance

This guidance discusses automated decision-making and profiling in detail. Read it if you have detailed questions not answered in the Guide, or if you need a deeper understanding to help you apply the rules relating to automated decision-making and profiling in practice. DPOs and those with specific data protection responsibilities in larger organisations are likely to find it useful.

If you haven’t yet read automated decision-making and profiling in brief in the Guide to UK GDPR, you should read that first. It sets out the key points you need to know, along with practical checklists to help you comply.

Contents

What is automated individual decision-making and profiling?

What does the GDPR say about automated decision-making and profiling?

When can we carry out this type of processing?

What else do we need to consider if Article 22 applies?

What if Article 22 doesn’t apply to our processing?