What is an advisory visit?

The aim of an advisory visit is to give practical advice to organisations on how to improve data protection practice. It normally involves a one day visit from the ICO and a short follow up report.

What are the benefits of an advisory visit?

You will benefit from our knowledge and experience to identify what you are doing well and what you need to improve and receive practical recommendations and suggestions to put things right. There is no expense to your organisation and you get a short report at the end which summarises what you should do next.

How does the ICO conduct an advisory visit?

We will give you an information sheet before the visit to explain what you can expect. We will also ask you to fill out a questionnaire which we will review with you during our visit. We will discuss which members of staff it would be useful for us to speak to and agree a simple schedule for the day.

We will use the one day visit to understand what policies and procedures you have in place and how they can be improved. The visit will also be flexible enough to provide an opportunity for your staff to ask questions.

Within five days of the visit, we will send you a short report which will summarise what we have seen and discussed, and provide you with practical advice.

What areas does an advisory visit normally cover?

There are three main areas that we will look at:

  • Security of personal data  we will review how you keep electronic and manual personal data secure.
  • Records management – we will review how you process records containing personal data including their creation, maintenance, and eventual destruction.
  • Requests for personal data – we will review how you handle individuals’ requests for copies of their personal data and how you manage routine and one off disclosures to other organisations.

What happens to the reports?

We will publish on our website that we have conducted an advisory visit with you and keep this information on our website for one year. We do this to show which types of organisations we are helping.

Who can request an advisory visit?

Advisory visits are aimed at small to medium sized businesses, charities and not for profit organisations. We are happy to work with organisations in the public and private sectors and will prioritise those that will benefit most from a visit. Unfortunately, due to our limited resources, we are not in a position to offer an Advisory visit to all organisations that apply for one.

How long does an advisory visit take?

You will need to complete a short questionnaire before our site visit and we will spend up to a day on site with you. We will send you the short report within five days of the visit.

How can I apply?

Please click here to start the application process.

For information about what we do with personal data see our privacy notice.

What good practice and areas for improvement can I learn from?

We have published some reports that summarise areas of good practice and areas for improvement we have seen across a number of organisations within particular sectors.

The good practice activities listed in the reports are not necessary to ensure compliance. However, they are things we have observed that work well in practice and positively impact the organisation’s ability to comply with the legislation we are responsible for.

These reports are put together for the sectors we have visited most:

We intend to publish more summary reports in the future.