Our plans for new and updated guidance
Our guidance is designed to help and support you to comply with the laws we regulate, and to help people understand their information rights.
As well as detailed formal guidance and Codes of Practice, we also produce checklists, toolkits and position papers. We create all our guidance with you in mind, making it as simple as possible for you to use.
On this page you’ll find information about all the guidance that we’re working on. You’ll see what we’re developing and when we expect to publish. And we’ll give you regular updates here so that you can confidently track a product as it develops.
Guidance in development
Click to expand the list of guidance in development
- Recruitment and selection guidance
- Employment Records guidance
- Privacy Notice Generator
- Data Protection Audit Framework
- FOI Section 41 - Information provided in confidence
- Guidance on the use of storage and access technologies
- Consumer Internet of Things guidance
- Cloud Computing guidance
- Right of access detailed guidance
- Encryption guidance
- Scanning Children's fingerprints in school guidance
- Handling Cyber Incidents
- International Transfers guidance
- Substantial Public Interest Conditions – Guidance Update
- Profiling and Behaviour ID Tools for Online Safety
- ICO-CMA Position Paper on Foundations Models
- FOI - Reduce the inappropriate use of exemptions and empower the public to know when they can press for more
- Part 3 Law Enforcement Guidance
- Police and justice guidance for the public
- Self–service - Subject Access Request – user journey
- Consent or Pay public-facing policy position
- Data sharing for scams and frauds case studies
- Joint Guidance: How to build equality & data protection in your AI procurement process: A Guide for Councils in England
- Sharing Information to Safeguard Children Sector Guidance
- Anonymisation & Pseudonymisation guidance
- How to disclose information safely
- Data protection basics
- Identity theft
- Spam texts
- Spam emails
- Special category data - detailed and in brief
- Guide to Privacy and Electronic Communications Regulations update
- Guidance on Distributed Ledger Technologies (DLT)
- Nuisance Calls
- Section 22 - Information intended for future publication and research information (sections 22 and 22A)
- Report a breach: UK GDPR data breach reporting (DPA 2018)
- Who does the GDPR apply to?
- Right to erasure
Guidance stages explained
Drafting – During this stage we pull together all relevant information and create a structured draft.
Internal consultation – We share the draft with teams across the office who can help us to improve and refine the guidance, provide specialist input and make sure our guidance is consistent.
Redrafting (following internal consultation) – We take all the feedback we’ve received from our internal consultation and use it to improve our draft, before we share it more widely.
Public consultation (optional) – In most cases we carry out a public consultation on the draft guidance, before we publish the finished product. This helps us understand the needs of stakeholders and the public. To understand more about how and when we do this, you can read our consultation policy.
Redrafting (following public consultation) – We make changes to the draft guidance to clarify issues and meet the needs of our audience.
Review and sign off – We carry out a final review, before sign off and publication.
Withdrawn - Occasionally we decide to not proceed with a guidance project. If so, we mark it as withdrawn for two months, before removing it from this page. If we decide to revisit an issue, we add a new entry to this page.
Guidance on the use of storage and access technologies
Updated guidance on the use of storage and access technologies.
Stage: Redrafting (following public consultation)
Due for publication: Winter 2025/2026
Further information: Updated guidance for online service providers using storage and access technologies on our expectations for compliance with PECR (and, where the use of these technologies involves personal data processing, the UK GDPR).
Substantial Public Interest Conditions – Guidance Update
Update on the ICO’s existing guidance on the substantial public interest (SPI) conditions.
Stage: Drafting
Due for publication: Spring 2025
Further information: Adding additional content to explain how these conditions work. We are also developing a tool for users.
Joint Guidance: How to build equality & data protection in your AI procurement process: A Guide for Councils in England
Guidance to help local authorities comply with the Public Sector Equality Duty and Data Protection law when procuring and contracting out AI-based -technologies.
Stage: Withdrawn
Further information: Guidance now being produced by an external organisation