The ICO exists to empower you through information.

Purpose and lawful basis for processing

Our purpose for processing this information is to assess your suitability for a role you have applied for and to help us develop and improve our recruitment process.

The lawful basis we rely on for processing your personal data are article 6(1)(b) of the UK GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. And article 6(1)(f) for the purpose of our legitimate interests.

If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.

The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious, sexual orientation or ethnicity information are article 9(2)(b) of the UK GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights or article 9(2)(g) - necessary for reasons of substantial public interest.

The additional DPA 2018 processing conditions we rely on are Schedule 1 part 1(1) which again relates to processing for employment purposes and Schedule 1, part 2 paragraph 6 – statutory etc and government purposes.

We process information about applicant criminal convictions and offences. The lawful basis we rely to process this data are Article 6(1)(e) for the performance of our public task. In addition we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).

What will we do with the information you give us?

We’ll use all the information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide with any third parties for marketing purposes.

We’ll use the contact details you give us to contact you to progress your application. We may also contact you to request your feedback about our recruitment process. We’ll use the other information you provide to assess your suitability for the role.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it may affect your application if you don’t.

We will use any feedback you provide about our recruitment process to develop and improve our future recruitment campaigns.

Application stage

If you use our online application system, your details will be collected by our data processor Workday on our behalf.

If you are unable to use our online application system, you can submit your CV and cover letter to us to create an account for you by emailing [email protected].

We ask you for your personal details including name and contact details. We’ll also ask you about previous experience, education, referees and for answers to questions relevant to the role. Our recruitment team will have access to all this information.

You will also be asked to provide equal opportunities information. This is not mandatory – if you don’t provide it, it won’t affect your application. We won’t make the information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics. This information may also be shared with external equality and diversity auditors.


Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.


We may ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by us.

If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we would proactively contact you should any further suitable vacancies arise.

If you attend an assessment day we may ask you to bring identification documents, such as your passport or driving licence, as well as proof of your qualifications. We will take copies should we need to progress any pre-employment checks. We collect this information at the assessment day from all candidates to minimise any delay to successful candidates being able to commence their role at the ICO. If you’re not appointed to a role, we will delete your information immediately.

Conditional offer

If we make a conditional offer of employment, we’ll carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in the United Kingdom, and seek assurance as to their trustworthiness, integrity and reliability.

You must therefore provide:

  • proof of your identity – you will be asked to attend our office with original documents; we’ll take copies
  • proof of your qualifications – you will be asked to attend our office with original documents; we’ll take copies
  • a criminal records declaration to declare any unspent convictions
  • your email address, which we’ll pass to the Government Recruitment Service, which will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, or Access NI, which will verify your declaration of unspent convictions.
  • We’ll contact your referees, using the details you provide in your application, directly to obtain references
  • We’ll also ask you to complete a questionnaire about your health to establish your fitness to work.
  • We’ll also ask you about any reasonable adjustments you may require under the Equality Act 2010. This information will be shared with relevant ICO staff to ensure these are in place for when you start your employment.

If we make a final offer, we’ll also ask you for the following:

  • bank details – to process salary payments
  • emergency contact details – so we know who to contact in case you have an emergency at work
  • any membership of a Civil Service Pension scheme – so we can send you a questionnaire to see whether you are eligible to rejoin your previous scheme. Or we’ll provide your information to our partnership pension provider if you don’t want to join the Civil Service Pension scheme.

After your start date

Some roles require a higher level of security clearance – this will be clear on the advert or job description (or both). If so, you will be asked to submit information via the National Security Vetting process to HMRC. HMRC will be the data controller for this information.

HMRC will tell us whether your application is successful or not. If it is not, we will not be told the reasons but we may need to review your suitability for the role or how you perform your duties.

Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest, or if they are active in a political party. If you complete a declaration, the information will be held on your personnel file. You will also need to declare any secondary employment.


We also offer opportunities for people to come and work with us on a secondment basis. We accept applications from individuals or organisations who think they could benefit from their staff working with us.

Applications are sent directly to us. Once we have considered your application, if we are interested in speaking to you further, we’ll contact you using the details you give.

We may ask you to provide more information about your skills and experience or invite you to an interview.

If we do not have any suitable work at the time, we’ll let you know but we may ask if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you say yes, we’ll keep your application for six months.

If you are seconded to us, we’ll ask you to complete a political affiliation declaration. Also you will be expected to adhere to a confidentiality agreement and code of conduct, which will be agreed with your organisation.

We may also ask you to complete our pre-employment checks or to obtain security clearance via the National Security Vetting process – both of which are described in this notice. Whether you need to do this will depend on the type of work you will be doing for us.

We ask for this information so that we fulfil our obligations to avoid conflicts of interest and to protect the information we hold.

How long is the information kept for?

For information about how long we hold personal data, see our retention schedule.

How we make decisions about recruitment

Final recruitment decisions are made by hiring managers and members of our recruitment team. We take account of all the information gathered during the application process.

Any online testing is marked and a result is generated automatically. However, if you wish to challenge the mark you have received, the result can be checked manually.

You can ask about decisions on your application by speaking to your contact in our recruitment team or by emailing [email protected].

Your rights

As an individual, you have certain rights regarding your own personal data.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?

Yes – we use several processors to provide elements of our recruitment service for us.

We use Workday to operate our online application system and to produce anonymised management information about campaigns, as well as to receive and manage job applications sent to us by selected recruitment agencies. Here is a link to Workday’s privacy notice.

If you accept a final offer from us, your HR and payroll information will be held on Workday to enable us to provide HR services and process your salary payments.

Your details will be provided to MyCSP who is the administrator of the Civil Service Pension Scheme, of which we are a member organisation. You will be auto-enrolled into the pension scheme and the details provided to MyCSP will be your name, date of birth, National Insurance number and salary. Your bank details will not be passed to MyCSP at this time.

We use BHSF to provide our Occupational Health service.

We’ll send you a link to the questionnaire that will take you to their website The information you provide will be held by BHSF, who will give us a fit to work certificate or a report with recommendations. You are able to request to see the report before it is sent to us. If you decline for us to see it, this could affect your job offer. If an occupational health assessment is required, this is likely to be carried out by BHSF.

When we appoint temporary staff, we use Alexander Mann Solutions (AMS) to carry out the Baseline Personnel Security Standard checks. Here is a link to AMS's privacy notice.

We use Clear Company for external equality and diversity audits. You can read their Privacy Policy here.