The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

This self assessment tool can help you determine the data protection regime that applies to the data you process, now the UK’s transition period from the EU has ended.

There are four possible regimes under UK law that are regulated by the ICO:

  • UK GDPR (the general UK regime)
  • Frozen GDPR (the regime for non-UK data);
  • DPA Part 3 (the law enforcement regime); and
  • DPA Part 4 (the intelligence services regime)

In some cases, UK organisations may also have to comply with the EU GDPR. However, this will be regulated separately by EU authorities, and the UK has no regulatory role.

This will take 5 minutes

Start now