Regulator profile

ICO

Information Commissioner's Office

Enforcement Regulator

3 areas of regulation · 41 official guidance documents · 74 laws enforced · UK-wide

What ICO does

Data protection, freedom of information, privacy and electronic communications regulation. Enforces UK GDPR and Data Protection Act 2018. Issues fines for breaches. All businesses processing personal data must pay ICO data protection fee.

Contact ICO

Website Visit official website Email casework@ico.org.uk Phone 0303 123 1113

Data Protection Freedom Of Information Privacy

Official guidance from ICO

Curated guidance documents to help you understand your obligations.

Pay the data protection fee
Detailed Guidance
Direct marketing guidance (ICO)
Detailed Guidance
ICO AI and data protection guidance
Detailed Guidance
UK GDPR guidance (ICO)
Detailed Guidance
ICO guidance for organisations
Detailed Guidance
ICO personal data breach guidance
Detailed Guidance
Guide to the Privacy and Electronic Communications Regulations (ICO)
Detailed Guidance
ICO: Age Appropriate Design Code
Detailed Guidance

View all 41 guidance documents →

Legal framework

Legislation that ICO directly enforces.

Primary legislation

DPA 1998 Act 1998
Freedom of Information Act 2000 Act 2000
Data Retention and Investigatory Powers Act 2014 Act 2014
Data Protection Act 2018 Act 2018
Investigatory Powers (Amendment) Act 2024 Act 2024
Data Use and Access Act 2025 Act 2025
Data Use and Access Act 2025 Act 2025

Secondary legislation

Electronic Commerce (EC Directive) Regulations 2002 UK Statutory Instrument 2002
Privacy and Electronic Communications Regulations 2003 UK Statutory Instrument 2003
Environmental Information Regulations 2004 UK Statutory Instrument 2004
Freedom of Information (Fees and Appropriate Limit) Regulations 2004 UK Statutory Instrument 2004
INSPIRE Regulations 2009 UK Statutory Instrument 2009
The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 UK Statutory Instrument 2010
The Data Protection (Monetary Penalties) Order 2010 UK Statutory Instrument 2010
The Freedom of Information (Time for Compliance with Request) Regulations 2010 UK Statutory Instrument 2010
Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 UK Statutory Instrument 2011
The Data Protection Act 1998 (Commencement No. 3) Order 2011 UK Statutory Instrument 2011
... and 57 more statutory instruments

Legislation connected to ICO's remit but not directly enforced — establishing Acts, amendments, referenced legislation, and context.

Administered / monitored

Data Protection (Processing of Sensitive Personal Data) Order 2000

UK Statutory Instrument 2000
The A14 Trunk Road ... Westbound (Temporary Restriction) Order 2013

UK Statutory Instrument 2013
Public Contracts Regulations 2015

UK Statutory Instrument 2015
The Naval, Military and Air Forces Etc. (Disablement and Death) Service Pensions (Amendment) Order 2015

UK Statutory Instrument 2015
Electronic Identification and Trust Services for Electronic Transactions Regulations 2016

UK Statutory Instrument 2016
Data Protection, Privacy and Electronic Communications (Amendments ) (EU Exit) Regulations 2019

UK Statutory Instrument 2019
Procurement Regulations 2024

UK Statutory Instrument 2024
DUAA 2025 (Commencement No. 6) Regulations 2026

UK Statutory Instrument 2026

Coverage area

UK-wide