The ICO exists to empower you through information.

Purpose and lawful basis for processing

Our purpose for processing this information is to have a contact point at your organisation and to tell you the outcome of the check-up.

The lawful basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.

What we need

When we conduct an advisory check-up, we’ll take the name and contact details of your organisation’s main point of contact. We may also take details of other staff members.

Why we need it

We use the data collected to complete the advisory check-up and evidence the information provided.

What we do with it

We’ll only use it to contact you about the visit and share our outcome summary with you which will not be published.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We process this personal data in our capacity as regulator, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?