The ICO exists to empower you through information.

During an advisory check-up, we’ll cover three main areas:

  • Records management (how and why you collect, record, store and dispose of personal data).
  • Security (your security measures and systems for both remote working and physical offices, along with staff training and awareness).
  • Requests for personal data (your preparation, management and understanding of these requests).

If there are any additional areas you’d like us to cover, please let us know in the request form and we can discuss your requirements.

To get the most out of an advisory check-up, it’s important that you already have most of your data protection policies and procedures in place so we can review them. If you don’t yet have policies or procedures in place, take a look at our top tips for beginners first or call our helpline for further help.

We recommend starting with these pages before applying for an advisory check-up:

Following the advisory check-up, we’ll produce a report highlighting our key recommendations to aid your organisation.

Advisory check-ups aren’t audits ­- the sessions are purely advisory and for the benefit of your organisation.

We’ll contact you if we can proceed with your request. If we’re unable to offer an advisory check-up, you can still get up-to-date guidance on our SME Web Hub or contact our advice services for further help.

To request an advisory check-up, click Start.