The ICO exists to empower you through information.

The guidance on this page is suitable for large businesses in the public, private and third sectors. Small businesses should use the resources on our small business web hub.

Brief guidance 

Guide to accountability and governance

Contracts, documentation, data protection by design and default, data protection impact assessments and data protection officers. 

Detailed guidance 

Contracts and liabilities between controllers and processors

When contracts are needed and why they are important, what needs to be included and responsibility and liability.


What is documentation and who needs to document processing activities, what needs to be documented under article 30 and how to document processing activities.

Data protection impact assessments (DPIA)

What is a DPIA, when and how to conduct one, consulting the ICO and examples of 'likely to result in high risk'.

Codes of conduct

Data protection codes of conduct address sector specific data protection issues and support compliance with the UK GDPR’. We have detailed guidance and other resources for trade organisations and similar representative bodies who may create codes of conduct for their members.

Certification schemes

Data protection certification can help demonstrate data protection in a practical way to businesses, individuals and regulators. We have detailed guidance and other resources about certifications schemes for organisations.


Accountability framework

Assess your organisation’s accountability and governance.


Help us improve our website