UK GDPR guidance and resources
-
Subject access requests (SARs)
What is a subject access request (SAR), how to recognise them and when and how to respond to them.
-
Personal information - what is it?
Key definitions, what is considered personal information and what "identifiable" means.
-
Individual rights (including SARs)
Writing a privacy notice, responding to a subject access request, and when to delete, change, move or stop processing people's information.
-
Principles
Fairness, transparency, purpose limitation, minimisation, accuracy, accountability, storage and security.
-
Lawful basis, special category data and criminal offence data
Consent, contracts, legitimate interests, vital interests, public task, legal obligation, special category data, criminal offence data and biometrics.
-
CCTV and video surveillance
CCTV, video surveillance, body worn cameras and drones.
-
Controllers and processors
Definitions of 'controllers' and 'processors', how to determine them and their responsibilities.
-
Accountability and governance
DPIAs, accountability principle, internal governance, contracts, documentation, and data protection officers.
-
International transfers
International data transfers, transfer agreements, transfer risk assessments and binding corporate rules.
-
Exemptions
When and how you can apply exemptions to the UK GDPR requirements.
-
Security (data protection and cyber)
The security principles, personal data breaches, and guidance on encryption, ransomware and passwords.
-
Data sharing
The data sharing code, case studies and examples, checklist, the sharing of personal information with and by law enforcement authorities, sharing information to prevent harm and for child safeguarding purposes.
-
Employment information
Advice for employers and organisations involved in employment issues on how to use and look after your workers’ personal information, and guidance about working from home.
-
Children's information
How to protect children's information, the Age Appropriate Design Code and resources for online service providers.
-
Artificial intelligence
Artificial intelligence and data protection, AI risk assessment, explaining decisions made with AI and data analytics.
-
Designing products that protect privacy
Privacy in the product lifecycle and designing online services for children.
-
Research provisions
Research provisions in the UK GDPR and the DPA 2018, the principles and grounds for processing, research exemptions and safeguards.
-
Data protection and journalism code of practice
The data protection and journalism code, reference notes, consultation responses and impact assessment.
-
Online safety and data protection
Resources for organisations that use online safety technologies and processes.
-
Training videos
View the information governance and legislation training modules we provide to ICO staff as part of their internal training.