Data protection

How to get it right
If you handle personal information about individuals, you have a number of legal obligations to protect that information under the Data Protection Act 1998.
Key questions
• How do I respond to a subject access request?
• Can I send personal data overseas?
• What security measures should I take to protect the personal data I hold?
• What should I do if I lose personal data?
• What happens when someone complains?
• Would my organisation benefit from an audit, advisory visit or data protection workshop?
Register your organisation
The Data Protection Act 1998 requires every organisation processing personal data to register with the ICO, unless they are exempt.
Guide to Data Protection
Our plain English guide to data protection contains definitions, principles and practical examples.
Topic guides
Our practical topic guides include anonymisation, CCTV, data sharing and online.
Guidance index
A full A-Z list of our data protection guidance is available in our guidance index.
Training materials
Get training materials including practical toolkits, training videos and print publications.
Useful items

- Legislation
Read the full text of the legislation covered by the ICO.
- Sector guides
Where do you work? We’ve produced a set of sector specific guides.
- Enforcement action
Read about our monetary penalties, enforcement notices and prosecutions.
Share this page