Our Information Rights Strategic Plan sets out the Commissioner’s mission for her term of office.

You can read the full plan here but, in short:

• It commits us protecting the public in a digital world.
• It commits us to leading implementation and effective oversight of the GDPR and other data protection reforms like the e-privacy Regulation and Law Enforcement Directive.
• It commits us to exploring innovative and technologically agile ways of protecting privacy. Read more in our Technology Strategy.
• It commits us to strengthening transparency and accountability and promoting good information governance.
• It commits us to maintaining and developing our influence within the global information rights regulatory community. You can read our International Strategy here.
• And it commits us to providing a world class reporting, assessment and investigation service to ensure UK citizens are protected from harm caused by cyber attacks.

You can read about the legislation we regulate here.

The GDPR is the centrepiece of a package of EU data protection reforms and brings a 21st century approach to data protection legislation. It provides greater protections for the public and enhanced obligations for organisations.

We have provided a range of resources to help organisations comply including a Guide to the GDPR and bespoke tools for small organisations and specific sectors such as health, schools and local government.

The Commissioner and ICO colleagues regularly write blogs and make speeches about issues relating to privacy, transparency and information rights.

The new Information Commissioner, John Edwards, started in January 2022.

Mr Edwards was educated in New Plymouth, New Zealand and achieved a Bachelor of Laws and Masters in Public Policy at the University of Wellington.

He worked as a solicitor and barrister for more than 14 years, including time as a policy adviser to the New Zealand Prime Minister and Cabinet around Freedom of Information.

From February 2014 to December 2021 he was New Zealand Privacy Commissioner. During that time he chaired the International Conference of Data Protection and Privacy Commissioners (now known as the Global Privacy Assembly), and was a member of the OECD’s Informal Group of Experts on Children in the Digital Environment.

We prefer education, engagement and encouragement over enforcement. But we have a range of tools at our disposal to change the behaviour of organisations and individuals that do not comply with the law.

Under the GDPR, we will have the power to fine up to £17million or 4 per cent of an organisation’s global turnover, whichever is greater.

Recent action taken over nuisance calls can be found here.

Recent action taken over data protection breaches can be found here.

Information about other types of action including criminal prosecutions can be found here.

We are developing a new Regulatory Action Policy which will be formally presented at our annual conference for Data Protection Practitioners on 9 April.

As our remit and impact grows, so does our reliance on first class media and communications relationships and management.

Our staff and our work regularly feature in news and current affairs items on television, radio, print media and on-line. We have a professional communications department, including a 24/7 Press Office service, to field queries and ensure that the ICO is on the front foot when news stories break.

We rely on excellent and accessible communications to engage with the public through our website and newsletters, and are building our reputation as a regulator of renown and impact.

You can read our press releases here.

We have 80,000 followers on Twitter, 55,000 on LinkedIn and 8,000 on Facebook. Our monthly e-newsletter is received by 150,000 subscribers. Don’t link to the newsletters we aren’t putting them out at the moment

Organisational Structure https://ico.org.uk/about-the-ico/who-we-are/organisational-structure