The ICO exists to empower you through information.

  UK GDPR Part 3 DPA 2018: Law Enforcement processing Part 4 DPA 2018: Intelligence Services processing
The principles of processing

Articles 5-11

Sections 34-42

Sections 85-91

Data subject rights
Articles 12-22

Sections 43-54

Sections 92-100
Obligations imposed on controllers or processors
Articles 25-39

Section 64 or Section 65
The requirement to communicate a personal data breach to the Commissioner or a data subject
Articles 33-34

Section 67 or Section 68

Section 108
The principles for transfers of personal data to third countries, non-Convention countries and international organisations
Articles 44-49

Sections 73-78

Sections 73-78
Specific failures of a monitoring body (monitoring approved code of conduct) 100 N/A N/A
Specific failures of a certification provider 101

A failure to comply with regulations under section 137 DPA 2018

A failure to comply with the terms of an information notice, assessment notice or enforcement notice 102 


100 s149(3) DPA 2018: Where the monitoring body has failed, or is failing, to comply with an obligation under Article 41 UK GDPR.

101 s149(4) DPA 2018: Where a certification provider does not meet the requirements for accreditation; has failed, or failing, to comply with an obligation under Articles 42 or 43 UK GDPR; or has failed or is failing to comply with any other provision of the UK GDPR (whether in the person’s capacity as a certification provider or otherwise).

102 s155(1)(b) DPA 2018