Skip to main content
Home

Codes of conduct detailed guidance

Contents

Latest updates - last updated 5 February 2026

5 February 2026 – The Data Use and Access Act 2025 (DUAA) makes changes in relation to codes of conduct.

It allows for codes of conduct to be developed under part 3 of the Data Protection Act 2018, and under the Privacy and Electronic Communications Regulations (PECR).

It also amends article 41 of the UK GDPR to clarify when a monitoring body should tell the ICO about an infringement of a code of conduct.

We have updated our guidance to reflect these changes.

We are committed to encouraging the development of codes of conduct and will provide advice and support from the start on: 

  • meeting the necessary criteria;
  • understanding the requirements of the relevant data protection laws; and
  • addressing complex areas of data protection.

We welcome informal discussions with organisations as part of the development of your code of conduct and prior to beginning the application process. You’re strongly encouraged to contact us at [email protected].