4 min read

Writen by Zlatko Delev

Posted on: May 13, 2021

The Information Commissioner’s Office (ICO)

The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The ICO is responsible for:

  • Promoting good practice in handling personal data and giving advice and guidance on data protection.
  • Ensure data controllers pay the appropriate data protection fee and provide and update basic information about their firm.
  • Helping to resolve disputes by deciding whether it is likely or unlikely that an organisation has complied with the GDPR when processing personal data.
  • Taking action to enforce compliance with GDPR, where appropriate.
  • Bringing prosecutions for offences committed under GDPR (except in Scotland, where the Procurator Fiscal brings prosecutions).

Under GDPR data controllers must pay the ICO a data protection fee unless they are exempt. The new data protection fee replaces the requirement to ‘notify’ or (register) under the DPA. Since all firms hold responsibilities under GDPR, the ICO requires less information than was required under the DPA.

Data controllers must provide:

  • The name and address of the controller
  • The number of members of staff the firm has
  • The turnover for the financial year
  • Any other trading names the firm has
  • Contact details for the person completing the fee registration process and the Data Protection Officer (if the firm is required to have a member of staff with that particular designation under GDPR).


The ICO issues monetary penalties of up to £500,000 to those who have broken the Data Protection Act 1998 or breached the terms of the Privacy and Electronic Communications Regulations (PECR). Serious breaches will be met with direct action and failure to comply with the law might lead to enforcement action.

The ICO serves assessment notices to organisations that aren’t willing to work harmoniously with the ICO and are at risk of breaching the Data Protection Act. The office is also responsible for appeals made under the Environmental Information Regulations 2004.

International responsibilities

As well as carrying out duties in the UK, the ICO also co-operates with international data protection authorities, including the European Commission. This co-operation involves:

  • Sharing information
  • Investigation of complaints
  • Working alongside partners to improve understanding of data protection laws and provide guidance where necessary

In the EU, the ICO works across all areas, including police and judicial co-operation, justice and freedom, and security. The ICO is part of the Article 29 Working Party, which represents each of the 28 EU data protection authorities, as well as Iceland, Liechtenstein and Norway.

How does the ICO support the GDPR?

The European Parliament, Council and European Commission’s aim for the General Data Protection Regulation is to unify data protection, making it more robust and secure for people within the European Union.

Elizabeth Denham, UK Information Commissioner, acknowledges that many people still question how GDPR will fit in with the UK leaving the EU. But she stresses that it’s still important to comply with GDPR. The ICO will work alongside the government to remain central in conversations about UK data protection law in the future and provide advice where necessary.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

AI Act: Fundamental Rights Impact Assessments (FRIA) – Who, When, Why, and How to Ensure Ethical AI Deployment

The European Union (EU) has positioned itself as a leader in shaping the responsible development an

How the Privacy Act Protects Personal Information in Australia

 As cyber threats loom larger and data breaches become more common, the significance of strong

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy