The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Why is this important?

You need to be able to detect, investigate, risk-assess and record any breaches. You must report them as appropriate. Having effective processes in place helps you to do this. A personal data breach can have a range of adverse effects on individuals. There can be serious repercussions for organisations, their employees and customers, such as financial penalties (failure to notify a breach when required can result in a fine up to 10 million Euros or 2% of your global turnover), reputational damage, loss of business and disciplinary action.

At a glance – what we expect from you

Further reading

ICO guidance:

External guidance: