What is the Information Commissioner’s Office (ICO)?
The Information Commissioner’s Office is the UK’s leading institution dedicated to upholding the information and data rights of British citizens. It’s a non-governmental institution that focuses on data privacy and protection in particular. With backing from the UK government, the ICO proposes and oversees data privacy and related legislation in the public’s interest. The ICO is best known for its role in enforcing the EU’s General Data Protection Regulation (GDPR).
Why does the ICO exist?
Data privacy is one of the foremost issues of the 21st century. With much of the modern economy shifting towards online environments, data has become a vital asset and a commodity as valuable as oil, if not more so. While innovation and technology are hugely beneficial, the immense volumes of data created can pose risks if not managed correctly. It is with that in mind that the ICO regulates companies to protect the data rights of individuals. The Information Commissioner’s Office (ICO) is among the global leaders in data privacy regulations. With proactive regulatory work, the ICO set the standard for regulations for much of Europe.
A brief history
The ICO was established in 1984 with just ten people, who focused on data protection. The lead executive was Eric Howe, formally recognized as the Data Protection Registrar. Howe quickly introduced the Data Protection Act of 1984. Over the next few decades, the ICO’s influence and power increased substantially, and it established a precedent of enforcement against non-compliant actors.
Today, the ICO employs over 500 staff members and handles hundreds of thousands of data complaints each year. Regulatory fines can be well into the millions for companies that fail to comply.
Key activities of the ICO
- Introducing data legislation: The ICO is the prominent institution in the UK that crafts data legislation on behalf of its citizens.
- Receiving and investigating complaints: Both UK citizens and businesses can send data-related complaints to the ICO. If the ICO receives a significant number of complaints, it will launch an investigation and take the necessary steps.
- Corrective actions: The ICO can penalise organisations that violate the data rights of British citizens. The corrective actions that the ICO can take come in the form of fines, legal investigations and potentially the shutting down of operations in the UK.
Who must comply?
UK businesses and organisations
Businesses and organisations based in the UK are the first category of entities that are subject to ICO compliance. Since UK-based entities have the vast majority of their customer base in the UK, they are far more likely to deal with ICO regulations.
Global companies with UK customers
The vast majority of companies with any UK presence, online or offline, have heard of GDPR. The ICO is the principal institution behind GDPR, so companies should be familiar with the ICO. Virtually any company that interacts with data from UK-based users is subject to ICO compliance. This means if UK users can access your website, you need to be compliant with ICO guidelines.