Skip to main content
Home
The ICO exists to empower you through information.
Cymraeg
Search
Search
Search
Menu
Home
For the public
For organisations
Make a complaint
Action we've taken
About the ICO
For organisations
UK GDPR guidance and resources
UK GDPR guidance and resources
Subject access requests (SARs)
What is a subject access request (SAR), how to recognise them and when and how to respond to them.
Individual rights
Writing a privacy notice, responding to a subject access request, and when to delete, change, move or stop processing people's information.
Lawful basis, special category data and criminal offence data
Consent, contracts, legitimate interests, vital interests, public task, legal obligation, special category data, criminal offence data and biometrics.
Controllers and processors
Definitions of 'controllers' and 'processors', how to determine them and their responsibilities.
International transfers
International data transfers, transfer agreements, transfer risk assessments and binding corporate rules.
Security (data protection and cyber)
The security principles, personal data breaches, and guidance on encryption, ransomware and passwords.
Employment information
Advice for employers and organisations involved in employment issues on how to use and look after your workers’ personal information, and guidance about working from home.
Artificial intelligence
Artificial intelligence and data protection, AI risk assessment, explaining decisions made with AI and data analytics.
Research provisions
Research provisions in the UK GDPR and the DPA 2018, the principles and grounds for processing, research exemptions and safeguards.
Online safety and data protection
Resources for organisations that use online safety technologies and processes.
Personal information - what is it?
Key definitions, what is considered personal information and what "identifiable" means.
Principles
Fairness, transparency, purpose limitation, minimisation, accuracy, accountability, storage and security.
CCTV and video surveillance
CCTV, video surveillance, body worn cameras and drones.
Accountability and governance
DPIAs, accountability principle, internal governance, contracts, documentation, and data protection officers.
Exemptions
When and how you can apply exemptions to the UK GDPR requirements.
Data sharing
The data sharing code, case studies and examples, checklist, the sharing of personal information with and by law enforcement authorities, sharing information to prevent harm and for child safeguarding purposes.
Children's information
How to protect children's information, the Age Appropriate Design Code and resources for online service providers.
Designing products that protect privacy
Privacy in the product lifecycle and designing online services for children.
Data protection and journalism code of practice
The data protection and journalism code, reference notes, consultation responses and impact assessment.
Training videos
View the information governance and legislation training modules we provide to ICO staff as part of their internal training.
Pay fee, renew fee or register a DPO
Report a breach
Advice and services
Advice for small organisations
Back to top