Individuals’ rights

<!doctype html>    <html lang="en"> <head prefix="og: http://ogp.me/ns#"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="initial-scale=1.0, width=device-width"> <title>Individuals’ rights | ICO</title> <meta name="DC.Subject" content="Individuals’ rights" /> <meta name="DC.Date" content="Tuesday, November 19, 2024" /> <meta name="DC.Creator" content="" /> <meta name="DC.Publisher" content="ICO" /> <meta name="DC.Title" content="Individuals’ rights" /> <meta name="DC.PageID" content="5833" /> <meta property="og:title" content="Individuals’ rights" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/individuals-rights/" /> <meta property="og:description" content="" /> <meta property="og:image" content="" /> <meta name="twitter:title" content="Individuals’ rights" /> <meta name="twitter:description" content="" /> <meta name="robots" content="index" /> <link rel="shortcut icon" type="image/x-icon" href="/media2/lhphq55z/favicon.ico" /> <link rel="stylesheet" type="text/css" href="/css/site.css?v=2vrG7eADocFkX9vchR9h5gTORmu6STTHxmyTWJsW9nw" /> </head> <body id="top" class="bg-white min-h-screen "> <a class="flex items-center justify-center px-3 py-2 bg-secondary text-white text-xl sr-only focus:relative focus:w-full focus:h-fit" href="#main-content"> <span class="font-serif text-serif-base pr-2">Skip to main content</span> <span class="icon icon-arrow-down"></span> </a> <header class="w-full fixed md:static z-10 md:z-auto print:hidden"> <div class="bg-primary"> <div class="lg:container px-4 py-3.5 md:flex"> <div class="md:pr-8"> <a href="/"> <div class="bg-left bg-contain bg-no-repeat h-8 w-20 inline-block md:hidden" style="background-image: url('/media2/qkcg1rdf/logo-small.svg?width=80&height=32&v=1db03b868bf60c0');"></div> <div class="bg-left bg-contain bg-no-repeat h-24 w-40 hidden md:inline-block" style="background-image: url('/media2/myukqaa2/ico-header-logo.svg?width=160&height=96&v=1db03b866f17e90');"></div> <span class="sr-only">Home</span> </a> </div> <div class="grow items-stretch hidden md:flex"> <div class="font-serif text-center md:text-left text-white text-serif-base md:flex items-end md:pl-8 border-secondary border-dotted md:border-l-2"> <span>The ICO exists to empower you through information.</span> </div> </div> <div class="flex flex-col items-end md:pl-8"> <script type="application/json" id="language-settings"> {"cookieDomain":"ico.org.uk","options":[{"text":"English","href":"https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/individuals-rights/","icon":"icon-lang-en","value":"English"},{"text":"Cymraeg","href":"https://cy.ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/individuals-rights/","icon":"icon-lang-cy","value":"Welsh"}]} </script> <div id="language-toggle"></div> <div class="grow flex items-end"> <button type="button" id="search-toggle" class="absolute rounded p-2 top-3 right-12 md:hidden hover:bg-secondary" aria-controls="search"> <span id="search-icon" class="block icon icon-search text-white text-xl"></span> <span class="sr-only">Search</span> </button> <div id="search" class="motion-safe:transition-all motion-safe:duration-200 hidden md:block w-full sm:w-fit max-h-0 md:max-h-fit overflow-hidden md:overflow-auto"> <form action="https://icosearch.ico.org.uk/s/search.html" method="GET" id="search-form" class="pt-3.5 md:pt-0"> <input type="hidden" name="collection" value="ico-meta" /> <input type="hidden" name="profile" value="_default" /> <div class="flex"> <label for="search-query" class="sr-only">Search</label> <input type="search" name="query" id="search-query" class="grow min-w-0 px-2 py-1 border-t border-b border-l border-r-0 border-white/50 focus:border-white focus:ring-0 rounded-l bg-secondary motion-safe:transition-colors hocus:bg-white text-white hocus:text-black sm:w-60 md:w-48" /> <button type="submit" class="text-transparent bg-secondary rounded-r p-2 border-t border-b border-r border-white/50"> <span class="block text-white text-xl icon icon-search"></span> <span class="sr-only">Search</span> </button> </div> </form> </div> </div> </div> </div> </div> <div class="bg-secondary"> <div class="lg:container md:px-4"> <button type="button" id="navbar-toggle" class="absolute rounded p-2 top-3 right-3 md:hidden hover:bg-secondary" aria-controls="navbar"> <span class="block icon icon-menu text-white text-xl"></span> <span class="sr-only">Menu</span> </button> <nav id="navbar" class="bg-secondary motion-safe:transition-all motion-safe:duration-200 hidden md:block max-h-0 md:max-h-fit overflow-hidden md:overflow-auto"> <ul class="border-primary border-dotted border-t-2 md:border-t-0 md:flex md:flex-wrap"> <li class="md:flex"> <a href="/" class="relative flex justify-between items-center text-white text-serif-lg md:text-base whitespace-nowrap md:whitespace-normal pl-9 md:pl-3 pr-4 md:pr-3 py-2 md:py-1 font-serif md:font-sans before:absolute before:w-2.5 before:top-2 before:bottom-2 before:left-4 md:before:hidden md:border-y-5 md:border-transparent before:bg-theme-grey md:hover:border-t-theme-grey"> <span>Home</span> <span class="icon icon-arrow-right text-xl md:hidden"></span> </a> </li> <li class="md:flex"> <a href="/for-the-public/" class="relative flex justify-between items-center text-white text-serif-lg md:text-base whitespace-nowrap md:whitespace-normal pl-9 md:pl-3 pr-4 md:pr-3 py-2 md:py-1 font-serif md:font-sans before:absolute before:w-2.5 before:top-2 before:bottom-2 before:left-4 md:before:hidden md:border-y-5 md:border-transparent before:bg-theme-green md:hover:border-t-theme-green"> <span>For the public</span> <span class="icon icon-arrow-right text-xl md:hidden"></span> </a> </li> <li class="md:flex"> <a href="/for-organisations/" class="relative flex justify-between items-center text-white text-serif-lg md:text-base whitespace-nowrap md:whitespace-normal pl-9 md:pl-3 pr-4 md:pr-3 py-2 md:py-1 font-serif md:font-sans before:absolute before:w-2.5 before:top-2 before:bottom-2 before:left-4 md:before:hidden md:border-y-5 md:border-transparent before:bg-theme-yellow md:hover:border-t-theme-yellow bg-primary md:border-t-theme-yellow"> <span>For organisations</span> <span class="icon icon-arrow-right text-xl md:hidden"></span> </a> </li> <li class="md:flex"> <a href="/make-a-complaint/" class="relative flex justify-between items-center text-white text-serif-lg md:text-base whitespace-nowrap md:whitespace-normal pl-9 md:pl-3 pr-4 md:pr-3 py-2 md:py-1 font-serif md:font-sans before:absolute before:w-2.5 before:top-2 before:bottom-2 before:left-4 md:before:hidden md:border-y-5 md:border-transparent before:bg-theme-orange md:hover:border-t-theme-orange"> <span>Make a complaint</span> <span class="icon icon-arrow-right text-xl md:hidden"></span> </a> </li> <li class="md:flex"> <a href="/action-weve-taken/" class="relative flex justify-between items-center text-white text-serif-lg md:text-base whitespace-nowrap md:whitespace-normal pl-9 md:pl-3 pr-4 md:pr-3 py-2 md:py-1 font-serif md:font-sans before:absolute before:w-2.5 before:top-2 before:bottom-2 before:left-4 md:before:hidden md:border-y-5 md:border-transparent before:bg-theme-red md:hover:border-t-theme-red"> <span>Action we've taken</span> <span class="icon icon-arrow-right text-xl md:hidden"></span> </a> </li> <li class="md:flex"> <a href="/about-the-ico/" class="relative flex justify-between items-center text-white text-serif-lg md:text-base whitespace-nowrap md:whitespace-normal pl-9 md:pl-3 pr-4 md:pr-3 py-2 md:py-1 font-serif md:font-sans before:absolute before:w-2.5 before:top-2 before:bottom-2 before:left-4 md:before:hidden md:border-y-5 md:border-transparent before:bg-theme-blue md:hover:border-t-theme-blue"> <span>About the ICO</span> <span class="icon icon-arrow-right text-xl md:hidden"></span> </a> </li> </ul> </nav> </div> </div> </header> <main id="main-content" class="pt-20 md:pt-0 md:mt-7 mb-3 md:mb-4"> <div class="lg:container px-4 mb-4 print:hidden"> <nav aria-label="breadcrumb"> <ul class="-mx-1 flex flex-wrap text-sm"> <li class="mx-1"> <span class="after:content-['/'] after:ml-1"> <a href="/for-organisations/" class="text-link hover:underline">For organisations</a> </span> </li> <li class="mx-1"> <span class="after:content-['/'] after:ml-1"> <a href="/for-organisations/uk-gdpr-guidance-and-resources/" class="text-link hover:underline">UK GDPR guidance and resources</a> </span> </li> <li class="mx-1"> <span class="after:content-['/'] after:ml-1"> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/" class="text-link hover:underline">Accountability and governance</a> </span> </li> <li class="mx-1"> <span class="after:content-['/'] after:ml-1"> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/" class="text-link hover:underline">Accountability Framework</a> </span> </li> <li class="mx-1"> <span>Individuals’ rights</span> </li> </ul> </nav> </div> <div class="lg:container px-4"> <div class="border-dotted border-b-2 border-neutral-200 pb-2 sm:pb-3.5 md:pb-6 mb-2 sm:mb-3.5 md:mb-5"> <div class="md:flex md:items-center"> <h1 class="py-0.5 font-serif leading-none sm:border-l-10 sm:pl-3 text-serif-2xl sm:text-serif-3xl border-theme-yellow">Individuals’ rights</h1> <div class="md:pl-2 md:ml-auto mt-2 md:mt-2 print:hidden"> </div> </div> </div> <div class="grid grid-cols-4"> <div class="col-span-4 md:hidden border-b-2 border-dotted border-neutral-200 flex justify-between pb-2 mb-4 cursor-pointer print:hidden" id="multipage-nav-toggle"> <p class="text-sm text-primary justify-start">Contents</p> <div class="justify-end"> <span class="icon icon-search text-primary" id="multipage-search-button"></span> <span class="icon icon-pointer-down text-primary"></span> </div> </div> <aside class="col-span-4 md:col-span-1 hidden md:block motion-safe:transition-all motion-safe:duration-200 overflow-hidden md:overflow-auto max-h-0 md:max-h-fit mb-6 md:mb-0" id="multipage-nav"> <form id="multipage-search" class="mb-3 flex" method="get"> <label for="multipage-search-input" class="sr-only">Search this document</label> <input type="search" name="search" value="" class="w-full py-2 px-2 text-sm bg-slate-100 border-r-0" id="multipage-search-input" /> <button type="submit" title="Search" class="icon icon-search px-2 bg-slate-100 border border-solid border-l-0 border-slate-700"> </button> </form> <nav> <ul> <li> <div class="mb-2 pb-2 border-b-2 border-dotted border-neutral-200"> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5632"> <span>Accountability Framework</span> </a> </div> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/introduction-to-the-accountability-framework/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5802"> <span>Introduction to the Accountability Framework</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/whats-new/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5807"> <span>What's new?</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/navigating-the-accountability-framework/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5810"> <span>Navigating the Accountability Framework</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/leadership-and-oversight/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5820"> <span>Leadership and oversight</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/policies-and-procedures/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5822"> <span>Policies and procedures</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/training-and-awareness/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5828"> <span>Training and awareness</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/individuals-rights/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid bg-neutral-100 text-neutral-600 border-theme-yellow pl-[10px]" data-id="5833"> <span>Individuals’ rights</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/transparency/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5835"> <span>Transparency</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5838"> <span>Records of processing and lawful basis</span> </a> </div> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/record-of-processing-activities-ropa/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7865"> <span>Record of processing activities (ROPA)</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/ropa-requirements/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7869"> <span>ROPA requirements</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/good-practice-for-ropas/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7873"> <span>Good practice for ROPAs</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/documenting-your-lawful-basis/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7875"> <span>Documenting your lawful basis</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/lawful-basis-transparency/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7876"> <span>Lawful basis transparency</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/consent-requirements/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7879"> <span>Consent requirements</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/reviewing-consent/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7881"> <span>Reviewing consent</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/risk-based-age-checks-and-parental-or-guardian-consent/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7884"> <span>Risk-based age checks and parental or guardian consent</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-of-processing-and-lawful-basis/legitimate-interest-assessment-lia/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7886"> <span>Legitimate interest assessment (LIA)</span> </a> </div> </li> </ul> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5840"> <span>Contracts and data sharing</span> </a> </div> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/data-sharing-agreements/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7861"> <span>Data sharing agreements</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/restricted-transfers/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7863"> <span>Restricted transfers</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/processors/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7866"> <span>Processors</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/controller-processor-contract-requirements/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7868"> <span>Controller-processor contract requirements</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/processor-due-diligence-checks/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7871"> <span>Processor due diligence checks</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/processor-compliance-reviews/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7874"> <span>Processor compliance reviews</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/third-party-products-and-services/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7877"> <span>Third-party products and services</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/contracts-and-data-sharing/purpose-limitation/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7878"> <span>Purpose limitation</span> </a> </div> </li> </ul> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/risks-and-data-protection-impact-assessments-dpias/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5841"> <span>Risks and data protection impact assessments (DPIAs)</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5845"> <span>Records management and security</span> </a> </div> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/data-quality/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7880"> <span>Data quality</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/retention-schedule/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7882"> <span>Retention schedule</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/destruction/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7883"> <span>Destruction</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/information-asset-register/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7885"> <span>Information asset register</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/rules-for-acceptable-software-use/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7887"> <span>Rules for acceptable software use</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/access-control/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7888"> <span>Access control</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/unauthorised-access/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7889"> <span>Unauthorised access</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/mobile-devices-home-or-remote-working-and-removable-media/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7890"> <span>Mobile devices, home or remote working and removable media</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/secure-areas/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7891"> <span>Secure areas</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/records-management-and-security/business-continuity-disaster-recovery-and-back-ups/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7892"> <span>Business continuity, disaster recovery and back-ups</span> </a> </div> </li> </ul> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/breach-response-and-monitoring/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5848"> <span>Breach response and monitoring</span> </a> </div> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/breach-response-and-monitoring/assessing-and-reporting-breaches/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7859"> <span>Assessing and reporting breaches</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/breach-response-and-monitoring/notifying-individuals/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7860"> <span>Notifying individuals</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/breach-response-and-monitoring/reviewing-and-monitoring/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7862"> <span>Reviewing and monitoring</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/breach-response-and-monitoring/external-audit-or-compliance-check/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7864"> <span>External audit or compliance check</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/breach-response-and-monitoring/internal-audit-programme/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7867"> <span>Internal audit programme</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/breach-response-and-monitoring/performance-and-compliance-information/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7870"> <span>Performance and compliance information</span> </a> </div> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/breach-response-and-monitoring/use-of-management-information/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[20px]" data-id="7872"> <span>Use of management information</span> </a> </div> </li> </ul> </li> </ul> <ul> <li> <div> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/case-studies/" class="pt-2 pr-2 pb-2 flex justify-between text-sm border-l-4 border-solid text-link border-transparent hover:border-neutral-200 hover:bg-neutral-100 pl-[10px]" data-id="5851"> <span>Case studies</span> </a> </div> </li> </ul> </li> </ul> </nav> </aside> <div class="col-span-4 md:col-span-3 md:pl-10"> <div class="mb-10"> <div class="umb-block-grid" data-grid-columns="12;" style="--umb-block-grid--grid-columns: 12;"> <div class="umb-block-grid__layout-container"> <div class="umb-block-grid__layout-item" data-content-element-type-alias="richTextBlock" data-content-element-type-key="d7ec1d8a-2a00-439e-95b4-9f3537f5ece4" data-element-udi="umb://element/fc808c5118ab47af91d251005d4ba8bf" data-col-span="12" data-row-span="1" style=" --umb-block-grid--item-column-span: 12; --umb-block-grid--item-row-span: 1; "> <div class="prose prose-sm md:prose-base prose-h2:font-serif sm:prose-h2:border-l-10 sm:prose-h2:pl-3 sm:prose-h2:-ml-3 sm:prose-h2:relative sm:prose-h2:left-[-10px] prose-h3:font-serif sm:prose-lead:border-l-10 sm:prose-lead:pl-3 sm:prose-lead:-ml-3 sm:prose-lead:relative sm:prose-lead:left-[-10px] prose-hr:my-4 prose-h2:border-theme-yellow-light prose-lead:border-theme-yellow-light prose-theme-yellow sm:ml-[10px] sm:pl-3"> <h2>Why is this important?</h2><p>Data protection law aims to empower individuals and give them greater control over their personal data through several rights, which you need to facilitate effectively. Compliance with individual rights minimises the privacy risks to individuals as well as to organisations. It will help you to comply with other data protection requirements, such as the principles. Good data protection compliance enhances your reputation and gives you a competitive edge because it increases the trust and confidence that people have in how you handle personal data.</p><h2>At a glance – what we expect from you</h2><ul> <li><a href="#Informing">Informing individuals and identifying requests</a></li> <li><a href="#Resources">Resources</a></li> <li><a href="#requests">Logging and tracking requests</a></li> <li><a href="#responses">Timely responses</a></li> <li><a href="#performance">Monitoring and evaluating performance</a></li> <li><a href="#Inaccurate">Inaccurate or incomplete information</a></li> <li><a href="#Erasure">Erasure</a></li> <li><a href="#Restriction">Restriction</a></li> <li><a href="#portability">Data portability</a></li> <li><a href="#automated">Rights relating to automated decision-making and profiling</a></li> <li><a href="#Individual">Individual complaints</a></li> </ul><h2><a id="Informing"></a>Informing individuals and identifying requests</h2><div class="rt-block rt-amber"> <p>You inform individuals about their rights and all staff are aware of how to identify and deal with both verbal and written requests.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>You give individuals clear and relevant information about their rights and how to exercise them.</li> <li>Your policies and procedures set out processes for dealing with requests from individuals about their rights.</li> <li>All staff receive training and guidance about how to recognise a request and where to send them.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li>Do all staff understand how to recognise a request and where to send them?</li> <li>Would individuals say that you provided useful materials to help them to exercise their rights?</li> </ul><h2><a id="Resources"></a>Resources</h2><div class="rt-block rt-amber"> <p>You have appropriate resources in place to handle requests from individuals about their data.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>A specific person/s or team are responsible for managing and responding to requests.</li> <li>Staff receive specialised training to handle requests, including regular refresher training.</li> <li>You have sufficient resources to deal with requests.</li> <li>If a staff member is absent, you train other staff to carry out key tasks.</li> <li>Your organisation can deal with any increase in requests or reduction in staffing levels.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li>Are staff aware of their key responsibilities and how to deliver them in practice?</li> <li>Would your staff say that you have appropriate resources to deal with the volume of requests?</li> <li>In the case of staff absences, could key tasks in the request process be covered by more than one individual? </li> </ul><h2><a id="requests"></a>Logging and tracking requests</h2><div class="rt-block rt-amber"> <p>Your organisation logs receipt of all verbal and written requests from individuals and updates the log to track the handling of each request.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>You have processes in place to ensure the log is accurate and updated as appropriate.</li> <li>The log shows the due date for requests, the actual date of the final response and the action taken.</li> <li>A checklist records the key stages in the request handling process, eg which systems or departments have been searched. This is either part of the log or a separate document.</li> <li>You have records of your organisation's request responses, and any disclosed or withheld information from subject access requests.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li>Could you locate relevant records easily?</li> <li>Are the records correct?</li> <li>Would a small sample of requests show that your staff follow the policies and procedures?</li> </ul><h2><a id="responses"></a>Timely responses</h2><div class="rt-block rt-amber"> <p>You deal with requests from individuals in a timely manner that meets individual expectations and statutory timescales.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>You action all requests within statutory timescales.</li> <li>The staff responsible for managing requests meet regularly to discuss any issues and investigate, prioritise or escalate any delayed cases.</li> <li>If you need an extension, you update individuals on the progress of their request and keep them informed.</li> <li>If a request is refused, you have records about the reasons why and you inform individuals about the reasons for any refusals or exemptions.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li> <p>Would staff say that the process in place to deal with issues is regular and effective?</p> </li> <li> <p>Would requesters say they were kept well-informed about the progress of their request?</p> </li> <li>Did requesters receive clear information?</li> </ul><h2><a id="performance"></a>Monitoring and evaluating performance</h2><div class="rt-block rt-amber"> <p>Your organisation monitors how your staff handle requests and you use that information to make improvements.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>The staff responsible for managing requests meet regularly to discuss any issues.</li> <li>You produce regular reports on performance and case quality assessments to ensure that requests are handled appropriately.</li> <li>You share reports with senior management, that they review and action at appropriate meetings.</li> <li>Your organisation analyses any trends in the nature or cause of requests to improve performance or reduce volumes.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li> <p>Are the management reports easy to understand?</p> </li> <li> <p>Does senior management know about current performance?</p> </li> <li>Are the actions clear and are they followed up?</li> </ul><h2><a id="Inaccurate"></a>Inaccurate or incomplete information</h2><div class="rt-block rt-amber"> <p>Your organisation has appropriate systems and procedures to change inaccurate information, add additional information to incomplete records or add a supplementary statement where necessary.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>Your organisation takes proportionate and reasonable steps to check the accuracy of the personal data held and, if necessary, is able to rectify it.</li> <li>If your organisation is satisfied that the data is accurate, you have a procedure to explain this to the individual. You need to inform the individual of their right to complain, and as a matter of good practice, record on the system the fact that the individual disputes the accuracy of the information.</li> <li>If personal data has been disclosed to others, your organisation contacts each recipient to inform them about the rectification, unless this is impossible or involves disproportionate effort.</li> <li>If asked, the organisation tells the data subject which third parties have received the personal data.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li>Would staff say there are effective processes in place to rectify inaccurate or incomplete personal data?</li> <li>Would requesters say they were given clear information about the steps you took?</li> </ul><h2><a id="Erasure"></a>Erasure</h2><div class="rt-block rt-amber"> <p>You have appropriate methods and procedures in place within your organisation to delete, suppress or otherwise stop processing personal data if required.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>You erase personal data from back-up systems as well as live systems where necessary, and you clearly tell the individual what will happen to their data.</li> <li>If the personal data is disclosed to others, your organisation contacts each recipient to inform them about the erasure, unless this is impossible or involves disproportionate effort.</li> <li>If asked to, your organisation tells the data subject which third parties have received the personal data.</li> <li>If personal data has been made public in an online environment, you take reasonable steps to tell other controllers, if they are processing it, to erase links to, copies or replication of that data.</li> <li>Your organisation gives particular weight to a request for erasure where the processing is or was based on a child’s consent, especially when processing any personal data on the internet.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li> <p>Would staff say there are effective processes in place to erase personal data?</p> </li> <li> <p>Would requesters say they were given clear information about the steps you took?</p> </li> </ul><h2><a id="Restriction"></a>Restriction</h2><div class="rt-block rt-amber"> <p>Your organisation has appropriate methods and procedures in place to restrict the processing of personal data if required.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>Your organisation restricts personal data in a way appropriate for the type of processing and the system, for example temporarily moving the data to another system or removing it from a website.</li> <li>If the personal data has been disclosed to others, your organisation contacts each recipient to tell them about the restriction, unless this is impossible or involves disproportionate effort.</li> <li>If asked to, your organisation tells the data subject which third parties have received the personal data.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li> <p>Would staff say you have effective processes in place to restrict personal data?</p> </li> <li>Would requesters say you gave them clear information about the steps you took?</li> </ul><h2><a id="portability"></a>Data portability</h2><div class="rt-block rt-amber"> <p>Individuals are able to move, copy or transfer their personal data from your organisation to another securely, without affecting the data.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>When requested, you provide personal data in a structured, commonly used and machine readable format.</li> <li>Where possible and if an individual requests it, your organisation can directly transmit the information to another organisation.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li>Would staff say you have effective data portability processes in place?</li> <li>Would requesters say you gave them clear information?</li> </ul><h2><a id="automated"></a>Rights related to automated decision-making and profiling</h2><div class="rt-block rt-amber"> <p>Your organisation can protect individual rights related to automated decision-making and profiling, particularly where the processing is solely automated with legal or similarly significant effects.</p> </div><h3>Ways to meet our expectations:</h3><ul> <li>You complete additional checks for vulnerable groups, such as children, for all automated decision-making and profiling..</li> <li>Your organisation only collects the minimum data needed and has a clear retention policy for the profiles created.</li> <li>If your organisation uses solely automated decisions that have legal or similarly significant effects on individuals, you have a recorded process to ensure these decisions only occur in accordance with <a rel="noopener" href="https://www.legislation.gov.uk/eur/2016/679/contents" target="_blank">Article 22</a> of the UK GDPR. If this applies, your organisation must also carry out a data protection impact assessment (DPIA).</li> <li>Where the decision is solely automated and has legal or similarly significant effects on individuals, a recorded process allows simple ways for individuals to request human intervention, express their opinion and challenge a decision.</li> <li>You conduct regular checks for accuracy and bias to ensure that systems are working as intended, and you feed this back into the design process.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li>Do staff and customers find your retention policy clear?</li> <li>Do staff say you have effective processes to protect rights relating to automated decision-making and profiling?</li> <li>Would individuals say you made it easy to request human intervention, express their opinion and challenge a decision?</li> </ul><h2><a id="Individual"></a>Individual complaints</h2><div class="rt-block rt-amber"> <p><span style="font-family: Verdana, Helvetica, Arial, sans-serif; font-size: 1.05em;">Your organisation has procedures to recognise and respond to individuals' complaints about data protection, and individuals are made aware of their right to complain. </span></p> </div><h3><span style="font-family: Verdana, Helvetica, Arial, sans-serif; font-size: 1.05em; font-weight: bold;">Ways to meet our expectations:</span></h3><ul> <li>You have procedures to handle data protection complaints raised by individuals and you report their resolution to senior management.</li> <li>The DPO’s contact details or alternative contact points are publicly available if individuals wish to raise a complaint about the use of their data.</li> <li>You tell individuals about their right to make a complaint to the ICO in your privacy information.</li> </ul><h3>Have you considered the effectiveness of your accountability measures?</h3><ul> <li>Would complainants say that they were clear about how to make complaints and how it would be handled? </li> </ul><div class="rt-block rt-green"> <p><strong>Further reading</strong></p> <p><strong>ICO guidance:</strong></p> <ul> <li><a data-id="7753f374-a792-4a4a-8be4-bddd4de4e59e" href="/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/" title="Individual rights">Individual rights</a></li> <li><a data-id="34731f94-e88c-433f-b237-b29ae579c4e7" href="/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-rectification/" title="Right to rectification">Right to rectification</a></li> <li><a data-id="a5bc433a-8fa1-4f8e-9be3-8299d1a512a7" href="/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-erasure/" title="Right to erasure">Right to erasure</a></li> <li><a data-id="c0e85eca-1561-4e50-a944-13418fbc5067" href="/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-restrict-processing/" title="Right to restrict processing">Right to restrict processing</a></li> <li><a data-id="59e17f99-002f-405a-8f52-6589ef47e30d" href="/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-data-portability/" title="Right to data portability">Data portability</a></li> <li><a data-id="bbda2716-e058-44e0-87cf-a003588aac56" href="/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/rights-related-to-automated-decision-making-including-profiling/" title="Rights related to automated decision making including profiling">Rights related to automated decision making including profiling</a></li> <li><a data-id="ea007971-943f-403a-8119-d8c0a6597b2b" href="/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/" title="Children">Children</a></li> <li><a rel="noopener" href="https://ico.org.uk/media/about-the-ico/consultations/2617219/guidance-on-the-ai-auditing-framework-draft-for-consultation.pdf" target="_blank">Guidance on the AI Auditing Framework (draft)</a></li> </ul> </div> </div> </div> </div> </div> </div> <nav class="print:hidden inline-flex flex-col items-start gap-5"> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/training-and-awareness/" class="group text-primary"> <div class="flex items-center"> <i class="icon icon-arrow-left text-4xl"></i> <span class="pl-3 flex flex-col"> <span class="text-lg font-semibold">Previous</span> <span class="text-sm underline underline-offset-4 decoration-dotted decoration-1 group-hover:decoration-solid">Training and awareness</span> </span> </div> </a> <a href="/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/accountability-framework/transparency/" class="group text-primary"> <div class="flex items-center"> <i class="icon icon-arrow-right text-4xl"></i> <span class="pl-3 flex flex-col"> <span class="text-lg font-semibold">Next</span> <span class="text-sm underline underline-offset-4 decoration-dotted decoration-1 group-hover:decoration-solid">Transparency</span> </span> </div> </a> </nav> </div> </div> </div> </main> <a href="#top" id="button-top" class="transition-opacity duration-500 flex items-center justify-center fixed right-4 bottom-4 z-10 rounded-full outline outline-white w-8 h-8 bg-primary opacity-0 hidden print:hidden"> <span class="icon icon-arrow-up text-white"></span> <span class="sr-only">Back to top</span> </a> <footer class="sticky top-[100vh] print:hidden"> <div class="lg:container px-4 border-t-2 border-dotted border-neutral-200 mt-6"> <div class="py-3"> <button onClick="window.print()" class="flex items-center group"> <i class="icon icon-printer text-lg text-white rounded-full p-1 bg-neutral-400"></i> <span class="ml-2 text-sm text-link group-hover:underline">Print this page</span> </button> </div> </div> <div class="bg-neutral-100"> <div class="lg:container px-4"> <div class="py-5 flex"> <div class="hidden md:block flex-auto"> <ul class="grid gap-4 grid-cols-4"> <li> <div class="mb-3"> <a href="/for-the-public/" class="font-serif text-serif-base text-link hover:underline">For the public</a> </div> <ul class="text-sm text-neutral-600 -mt-1"> <li class="mt-1"> <a href="/for-the-public/official-information/" class="hover:underline">Official information</a> </li> <li class="mt-1"> <a href="/for-the-public/nuisance-calls/" class="hover:underline">Nuisance calls</a> </li> </ul> </li> <li> <div class="mb-3"> <a href="/for-organisations/" class="font-serif text-serif-base text-link hover:underline">For organisations</a> </div> <ul class="text-sm text-neutral-600 -mt-1"> <li class="mt-1"> <a href="/for-organisations/uk-gdpr-guidance-and-resources/" class="hover:underline">UK GDPR guidance and resources</a> </li> <li class="mt-1"> <a href="/for-organisations/foi/" class="hover:underline">Freedom of information</a> </li> <li class="mt-1"> <a href="/for-organisations/eir-and-access-to-information/" class="hover:underline">EIR and access to information</a> </li> <li class="mt-1"> <a href="/for-organisations/direct-marketing-and-privacy-and-electronic-communications/" class="hover:underline">Direct marketing</a> </li> <li class="mt-1"> <a href="/for-organisations/advice-and-services/" class="hover:underline">Advice and services</a> </li> </ul> </li> <li> <div class="mb-3"> <a href="/action-weve-taken/" class="font-serif text-serif-base text-link hover:underline">Action we've taken</a> </div> <ul class="text-sm text-neutral-600 -mt-1"> <li class="mt-1"> <a href="/action-weve-taken/enforcement/" class="hover:underline">Enforcement action</a> </li> <li class="mt-1"> <a href="https://icosearch.ico.org.uk/s/search.html?collection=ico-meta&profile=decisions&query" class="hover:underline">Decision notices</a> </li> <li class="mt-1"> <a href="https://ico.org.uk/action-weve-taken/audits-and-overview-reports/" class="hover:underline">Audits</a> </li> </ul> </li> <li> <div class="mb-3"> <a href="/about-the-ico/" class="font-serif text-serif-base text-link hover:underline">About the ICO</a> </div> <ul class="text-sm text-neutral-600 -mt-1"> <li class="mt-1"> <a href="/about-the-ico/who-we-are/" class="hover:underline">Who we are</a> </li> <li class="mt-1"> <a href="/about-the-ico/what-we-do/" class="hover:underline">What we do</a> </li> <li class="mt-1"> <a href="/about-the-ico/media-centre/" class="hover:underline">Media centre</a> </li> <li class="mt-1"> <a href="/about-the-ico/jobs/" class="hover:underline">Careers</a> </li> <li class="mt-1"> <a href="/about-the-ico/modern-slavery-statement/" class="hover:underline">Modern Slavery Statement</a> </li> </ul> </li> </ul> </div> <div class="hidden md:block flex-auto mx-8 border-l-2 border-dotted border-neutral-400"> </div> <div class="flex-auto"> <div class="font-serif text-serif-base text-link mb-3">Follow us</div> <ul class="flex flex-col sm:flex-row md:flex-col sm:flex-wrap sm:gap-x-4 gap-y-2 text-sm text-neutral-600"> <li class="sm:flex-auto md:flex-none"> <a class="flex items-center hover:underline" href="https://twitter.com/iconews" target="_blank"> <img class="rounded-full mr-2" src="/media2/g1plb1os/twitter.svg?width=24&height=24&v=1db03b86976f0f0" width="24" height="24" alt="Icon for the Twitter @ICONews social link" /> <span>Twitter @ICONews</span> </a> </li> <li class="sm:flex-auto md:flex-none"> <a class="flex items-center hover:underline" href="http://www.youtube.com/user/icocomms" target="_blank"> <img class="rounded-full mr-2" src="/media2/z3vdkkxj/youtube.svg?width=24&height=24&v=1db042ab32beee0" width="24" height="24" alt="Icon for the YouTube social link" /> <span>YouTube</span> </a> </li> <li class="sm:flex-auto md:flex-none"> <a class="flex items-center hover:underline" href="http://linkedin.com/company/information-commissioner's-office" target="_blank"> <img class="rounded-full mr-2" src="/media2/cgdpvn4n/linkedin.svg?width=24&height=24&v=1db042ab2dda7d0" width="24" height="24" alt="Icon for the LinkedIn social link" /> <span>LinkedIn</span> </a> </li> <li class="sm:flex-auto md:flex-none"> <a class="flex items-center hover:underline" href="http://facebook.com/ICOnews" target="_blank"> <img class="rounded-full mr-2" src="/media2/g2nhkyjv/facebook.svg?width=24&height=24&v=1db03b86b4b62d0" width="24" height="24" alt="Icon for the Facebook social link" /> <span>Facebook</span> </a> </li> <li class="sm:flex-auto md:flex-none"> <a class="flex items-center hover:underline" href="/about-the-ico/media-centre/e-newsletter/"> <img class="rounded-full mr-2" src="/media2/thzeryz5/envelope.svg?width=24&height=24&v=1db03b86a1d4310" width="24" height="24" alt="Icon for the Subscribe to our e-newsletter social link" /> <span>Subscribe to our e-newsletter</span> </a> </li> </ul> </div> </div> </div> </div> <div class="bg-secondary"> <div class="lg:container px-4"> <div class="py-3 md:hidden"> <div class="font-serif text-center md:text-left text-white text-serif-base md:flex items-end md:pl-8 border-secondary border-dotted md:border-l-2"> <span>The ICO exists to empower you through information.</span> </div> </div> </div> </div> <div class="bg-primary"> <div class="lg:container px-4"> <div class="pt-2"> <ul class="-mx-3 flex flex-wrap text-white text-sm md:text-base"> <li class="mx-3 my-1"> <a href="/global/contact-us/" class="hover:underline">Contact us</a> </li> <li class="mx-3 my-1"> <a href="/global/privacy-notice/" class="hover:underline">Privacy notice</a> </li> <li class="mx-3 my-1"> <a href="/global/cookies/" class="hover:underline">Cookies</a> </li> <li class="mx-3 my-1"> <a href="/global/accessibility/" class="hover:underline">Accessibility</a> </li> <li class="mx-3 my-1"> <a href="/about-the-ico/who-we-are/wales-office/" class="hover:underline">Cymraeg</a> </li> <li class="mx-3 my-1"> <a href="/global/request-publications/" class="hover:underline">Publications</a> </li> <li class="mx-3 my-1"> <a href="/global/disclaimer/" class="hover:underline">Disclaimer</a> </li> <li class="mx-3 my-1"> <a href="/global/copyright-and-re-use-of-materials/" class="hover:underline">© Copyright</a> </li> </ul> </div> <div class="py-5"> <div class="md:flex md:items-center"> <div class="pr-4 mb-2 md:mb-0"> <img class="w-10" src="/media2/r34b3hma/ogl.png?width=40&height=16&v=1db03b8684a57d0" width="40" height="16" alt="" /> </div> <div class="prose prose-sm prose-white"> <p>All text content is available under the <a href="http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/">Open Government Licence v3.0</a>, except where otherwise stated.</p> </div> </div> </div> </div> </div> </footer> <script type="text/javascript" src="https://cc.cdn.civiccomputing.com/9/cookieControl-9.9.min.js"></script> <script type="application/json" id="cookie-settings"> {"apiKey":"dbf86e044f3ab8c4df852af5c7c6ceb2dd7678dd","necessaryCookies":[".AspNetCore.Antiforgery.*","language"],"statement":{"description":"For more detailed information, see our","name":"Cookies page","url":"https://ico.org.uk/global/cookies/","updated":"04/09/2024"},"text":{"title":"Cookies on the ICO website","intro":"We use some essential cookies to make this site work. We\u0027d like to set analytics cookies to understand how you use this site. We may use services from Vimeo and YouTube that may also use cookies.","acceptSettings":"Accept non-essential cookies","rejectSettings":"Reject non-essential cookies","necessaryTitle":"Essential cookies","necessaryDescription":"These cookies are necessary for core functionality, such as security and network management. They always need to be on.","closeLabel":"Save and close","cornerButton":"Cookie options","on":"On","off":"Off"},"optionalCookies":[{"name":"analytics","label":"Analytics cookies","description":"We use Silktide to measure how you use the ICO website. These cookies collect information about how you got to the site, the pages you visit and how long you spend on each page, and what you click on."},{"name":"videoPlayer","label":"Video player cookies","description":"We use services from Vimeo and YouTube to show you embedded videos on the ICO website. Vimeo and Google may use cookies to receive information about the videos you watch for analytics and advertising purposes."}]} </script> <script type="text/plain" id="silktide-settings">12d0c703744ea255b679f823daf1645f</script> <script type="text/javascript" src="/js/index.js?v=TYEGb_GH5SkF5NJRh7cZpx-oDut7QIjlT7FB7jistDU"></script> </body> </html>

CINXE.COM

Individuals’ rights | ICO