The ICO exists to empower you through information.

Rob Holtom

"The ICO is not just the data regulator - it has a deeper purpose: to empower you through information. Data is now so critical to the economy and our everyday lives, this feels like a pretty compelling mission. It’s certainly one that makes the job we do in Data, Digital and Technology (DDaT) exciting and gets us out of bed in the morning!

"In DDaT, we make sure that the ICO’s technology and data empower our people to do their best work. Our digital services empower organisations to use data responsibly, and empower the public to have their information rights protected.

"On a practical level, our team covers a huge range of capabilities. We provide the devices, software, networks and infrastructure that our people use every day. We operate the website that attracts over half a million visits every month. We run the data platform and services that provide insight and will support increasing automation. We manage critical enterprise applications such as our case management, finance and HR systems that run our business. And we make sure the ICO is defended from cyber attacks to keep our data, people and customers safe.

"Most excitingly, we’re in the middle of a transformation that will modernise our technological capabilities. This doesn’t just mean that we’re investing in innovative tech, though. We’re also evolving the way we work, bringing practices such as human-centred design and Agile into the way we work. We’re shifting our focus to have maximum impact on our internal and external customers. And we’re looking to build a really diverse and inclusive culture, where everyone can do their very best work, have a voice and be themselves.

"Sound like something you want to be involved in? If you’re a data, digital or technology professional (or aspire to be), we’d love to hear from you."

Rob Holtom, Executive Director - Corporate Digital, Data & Technology

What we do

From managing cybersecurity threats to building laptops, our team provides vital services to ICO staff and customers. We're responsible for providing all ICO colleagues and external stakeholders with access to leading digital and IT products and services so the organisation can deliver its objectives and statutory obligations.

We make sure that:

  • our IT services are always available when needed, and they are secure, reliable and suitable for the job.
  • devices and phone systems are working, making sure our customers can contact the helplines or use our website.
  • the ICO's information, systems and data are secure and risks, not to mention threats, are managed.
  • the organisation is safe against real world threats and ensure that best practice cyber hygiene is adhered too by proactively managing threats, vulnerabilities and mitigations.


IT Services

We support over 1,100 staff across the organisation ensuring the end-to-end operational delivery whilst delivering the ongoing operation of secure and reliable IT and telephony services and systems that support the smooth running of the ICO business operation.

We are the central point of contact between IT and all ICO service users handling the full lifecycle of IT service delivery, from managing requests to resolving issues, planning upgrades and device build and rollout.

Digital Design and Delivery

We play a critical role in delivering on the commitments set out in our ICO25 strategic plan. Working together with colleagues across DDaT, the wider organisation and our external stakeholders, we deliver products and services that are designed, built and delivered with a user centric approach. We build user feedback and insights into everything we do.

The team supports the gathering of true user needs and requirements to design, build and iterate in conjunction with our Agile principles and aligning to GDS service standards. We’re made up of a professionally skilled and multi-disciplined team that leverages the best in user research, user experience (UX) design and accessibility, scrum master, technology analysts and test team.

But the most valuable skill for anyone in the team is advocacy: making sure the voices of our users are heard so we can build great digital services that meet their needs and make their experiences with the ICO the best they can be.

Client Services

We are the first point of contact for all business and technical owners that require support in the procurement of new technology, software and services. Using a range of procurement frameworks, we seek to secure the best suppliers delivering against ICO needs whilst ensuring best value. Managing a large and wide-ranging portfolio, we are critical to ensuring consistency in service and managing our suppliers effectively.

We also provide a robust major incident and problem management service to the DDaT team that supports increased efficiency and productivity, future incident prevention, reduction in downtime and an improved customer experience.


We support the successful delivery of the ICO strategy through delivering an Enterprise Architecture vision and plan aligned with our goals.

The department develops and delivers the ICO’s Enterprise Architecture vision, strategy and roadmaps from a business, technology and data perspective, including “as is”, “to be” and transitional states.

Product and Infrastructure

Helping the ICO to make appropriate business, technology and data decisions by recommending reuse, sustainability and scalability, to achieve value for money and reduce risk

We collaborate and consult with stakeholders to ensure business, technology and data decisions are aligned with enterprise architecture strategy.

The department carries out horizon scanning across the industry and wider technological landscape, identifying emerging trends and their potential impact and opportunity for the ICO, and incorporating these into plans.


Data is one of the most valuable assets an organisation has.

As the regulator for data, the ICO encourages the public sector to use data in impactful and innovative ways while using people’s personal data responsibly. It is therefore imperative that we have a robust data governance framework for the ICO. This includes designing, implementing and monitoring data governance throughout the data life cycle, defining and applying end-to-end data governance frameworks, processes, operational policies, standards, compliance and assurance.

We help the ICO develop and deliver the ICO’s Enterprise Data Strategy, championing and developing data’s role as a strategic enterprise asset.

The department ensures the optimum management, use and exploitation of data across the ICO sets the vision for the ICO’s use of data, through data design, to ensure that data is managed properly and meets the ICO’s needs.

Cyber Security

The Cyber Security department supports the ICO to achieve its goals and ambitions by enabling the secure access and use of data both internally and externally by our colleagues and customers. By delivering ‘secure by design’ best practices and assuring our cyber security stance against industry best practice and guidance, we enable confidence for the organisation to be curious and ambitious, in building our services to empower people through information.

We cover a wide range of areas across the organisation, from providing security requirements and assurance in the procurement of new systems and services, to engaging in the secure technical delivery of new projects and changes. We support right the way through the lifecycle of system and service security assurance, to the secure divestment of technology and equipment.

We work across the whole organisation to provide the guidance, governance and assurance required in an ever-changing cyber threat landscape, to enable progress and change at pace, while protecting the people, technologies and data as expected of a leading UK regulator.

Information Management and Governance

The Information Management and Governance team provides the advice and guidance, policies and procedures that enables the ICO to manage data assets appropriately across the organisation. As a leading UK regulator, we must hold ourselves to the highest standards for data management, data privacy and governance. The Information Management team provides the Data Privacy Impact Assessment (DPIA) process for the ICO, updates and reviews the Privacy Notices in alignment with the DPO, and provides the guidance and assurance on how data is collected, processed, stored and deleted in line with all relevant legislation.

The team provides privacy by design, works with projects and change across the organisation, to ensure the appropriate controls and best practices are followed in all data use. The team provides governance and assurance that all colleagues understand their roles and responsibilities for managing data, working with the information asset owners (IAO), information asset managers (IAM) and a network of local information management officers (LIMO) to promote and assure good practices across all departments.

Working closely with other teams across the organisation, the Information Management team ensures that the ICO meets its mandatory actions such as assessing ROPAs, data transfers both national and international, including to the national archives (TNA).

What our staff say:

"I have been working in DDaT at the ICO for the past 18 months, the range of work is really varied, challenging, and rewarding. It’s great to work in such a collaborative and inclusive organisation with supportive and friendly colleagues!"

Natalie Pilling – Senior Business Partner

"What I do enjoy about working within DDaT is that we learn, we collaborate, we are challenged, working hard together to achieve goals and drive results, but most of all we have fun!"

Jill Sanderson - Senior Client Services Manager


"Working in DDaT provides a range of opportunities to be involved in and to collaborate with others. The collaboration with others not only allows for knowledge and skills to be developed but it also provides a sense of belonging. Since working in DDaT I have had the opportunity to be involved in a number of interesting projects which has allowed me to build relationships with other colleagues who have different areas of expertise. I always look forward to new projects within DDaT, especially as I’m always looking for new challenges and to develop new skills."

Jake Sumner - IT Service Analyst

"My work within the DDaT team is constantly evolving and the only way to keep my knowledge up to date is to ensure I am continuously learning and updating my skills. I feel comfortable in taking risks, and able to work though challenges and conflicts as they arise. No two days are ever the same and every single day is a new adventure. I aspire to inspire people and I am doing this on a daily basis. I’m encouraged to try new things and be innovative… and if it doesn’t work out I‘m supported to learn lessons, dust myself off and try again."

Gareth Vincent - Application Operations Engineer


"The ICO’s Women Network is an inclusive and open community that supports and empowers women from all areas of the organisation.

"We are proud to be supporting our Digital Data and Technology (DDaT) colleagues’ mission to enhance the number of women undertaking DDaT roles at the ICO to combat under-representation and gender inequality in a data-driven future.

"Data and technology are leading the solutions that inform the way we live our lives. Ensuring diverse representation in this space, enriches forward-thinking, industry leading perspectives, ideas, solutions and services that are suitable for everyone in our communities.

"Women have a wealth of unique potential to offer the DDaT world and the Women’s Network will help support, empower and connect you every step of the way."

- The ICO’s Women’s Network


Watch a chat between Rob Holtom and Hannah Smith, our Digital Lead for User Centred Design to see some of the work that's taken place to make the website more user-centred. 



More information about all the current jobs on offer at the ICO can be found on the Vacancies page

If you cannot find any roles that interest you at the moment but you would like to be part of the team, please submit your CV to [email protected].