These pages sit alongside our Guide to the GDPR and supplement the Article 29 Working Party Guidelines on Automated individual decision-making and profiling, which have been endorsed by the European Data Protection Board (EDPB). They provide more practical guidance for UK organisations on automated decision-making and profiling under the GDPR.                    

The GDPR includes provisions to reflect organisations’ increasing use of profiling and automated decision-making across a wide range of applications. These provisions are designed to protect individuals from the potential risks that this type of processing can create.

The requirements are stricter when profiling is part of a solely automated decision-making process with legal or similarly significant effects.

This guidance will help you understand your responsibilities, what steps you need to take and why. It sets out how the ICO interprets the GDPR and our general recommended approach to compliance and good practice. It should be read alongside the more detailed EDPB Guidelines detailed below.

For an introduction to the key themes and provisions of the GDPR, you should refer back to the Guide to the GDPR. You can navigate back to the Guide at any time using the link at the top of this page. Links to other relevant guidance and sources of further information are also provided throughout.

When downloading this guidance, the corresponding content from the Guide to the GDPR will also be included so you will have all the relevant information on this topic.