The ICO exists to empower you through information.

Purpose and lawful basis for processing

The ICO is responsible for the supervisory trust service provisions of the UK eIDAS Regulations and the creation, publication and maintenance of the UK Trusted List.

We process personal data for this purpose and our lawful basis is Article 6(1)(e) of the UK GDPR which allows us to process personal data when this is necessary to perform our public tasks as a regulator. 

What we need

We need a name and email address for trust service providers which can be the name and email address of an individual rather than an organisation.

What we do with it

We will add this information to the UK Trusted List which we are required to publish on our website. The UK Trusted List shows whether a trust service provider has been granted qualified status, and which of its services are qualified.

How long we keep it

Your details will be retained on the UK Trusted List as long as the trust service is active. If you inform us that you no longer provide the trust service, or if the name and email address are no longer accurate, your details will be removed from the published list.

A backup of the UK Trusted List is held by the ICO for six years.

What are your rights?

For more information on your rights, please see 'Your data protection rights'.

Do we use any data processors?


Do we transfer data overseas?