The Information Commissioner's Office (ICO)
The Information Commissio
Subscribe to the company
The Information Commissioner's Office (ICO)


The Information Commissioner's Office (ICO)

The Information Commissioner's Office (ICO)

Politics and Administration


The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Digital, Culture, Media and Sport (DCMS). It is the independent regulatory office (national data protection authority) dealing with the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications (EC Directive) Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland.

Role of the Information Commissioner

The Information Commissioner is an independent official appointed by the Crown. The Commissioner's decisions are subject to appeal to an independent tribunal and the courts. The Commissioner's mission is to "uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals".[1]

The role of Information Commissioner is currently held by John Edwards, who succeeded Elizabeth Denham on 3 January 2022.[2]

John Edwards[edit]
See also: John Edwards (regulator)
On 26 August 2021, John Edwards was named as the new Information Commissioner, replacing Elizabeth Denham. The UK government said he would "go beyond the regulator's traditional role" and that the job would now be "balanced" between protecting rights and promoting "innovation and economic growth". It also said that protection for privacy should be done "in as light a touch way as possible", that it would prioritise allowing personal data to be sent internationally to places such as the United States, Korea, Singapore, Dubai and Colombia, among others, that it wanted a data policy that delivered a "Brexit dividend" for businesses (c.f. individuals alone) and that it wanted to get rid of "endless" cookie popups.[3] Promoting economic growth is not one of the ICO's functions recognised at law and as such this new role creates the potential for conflict with its statutory functions, set out for example in section 115 of the Data Protection Act 2018 and the UK GDPR,[4] and/or the risk that it may potentially take actions which are ultra vires. Since promoting economic growth has not previously been one of its roles (it was announced on 26 August 2021 that it is something that the job would "now" involve and it is not set out in statute),[3] then logically, promoting economic growth is to come at the expense of the protection of rights, since that protection has not previously been balanced with it. As of 26 August 2021, the ICO's website states that it is "The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals".[5]

Elizabeth Denham[edit]
See also: Elizabeth Denham
Since Elizabeth Denham was appointed Britain's Information Commissioner in 2016, the ICO has undertaken high-profile investigations into Equifax, Yahoo, Talk Talk, Uber, and Facebook; issuing the maximum fine under the Data Protection Act 1998 of £500,000 to Facebook,[6] for breaches of data protection law. Denham has also overseen the conclusion of the ICO's investigation into charities' fundraising activities and a series of fines for companies behind nuisance marketing.[7]

Elizabeth Denham welcomed the introduction of the General Data Protection Regulation (GDPR)[8] that came into effect in May 2018, as well as the Data Protection Act 2018.[9]

In October 2018 she was elected chair of the International Conference of Data Protection and Privacy Commissioners (ICDPPC), the leading global forum of data protection and privacy authorities, encompassing more than 120 members across all continents that works throughout the year on global data protection policy issues.

Christopher Graham

During his time as Information Commissioner, Christopher Graham was noted for gaining new powers to issue monetary penalties to those who breach the Data Protection Act 1998. He has also welcomed new powers to issue monetary penalties under the Privacy and Electronic Communications Regulations, as well as raising concerns over harm and distress caused by nuisance call to the public. Christopher Graham succeeded Richard Thomas in 2009.

Richard Thomas

During Richard Thomas' tenure as Commissioner, the ICO was particularly noted for raising serious concerns over the Government's proposed British national identity card and database, as well as other similar databases such as the Citizen Information Project, Universal Child Database, and the NHS National Programme for IT, stating that the country is in danger of sleepwalking into a surveillance society, drawing attention to the misuse of such information by the former states of the Eastern bloc and Francisco Franco's Spain.

Data Protection Act 2018

The Data Protection Act 2018 received royal assent on 23 May 2018. It updates data protection laws in the UK, supplementing the General Data Protection Regulation (GDPR), implementing the EU law enforcement directive, and extending data protection laws to areas not covered by the GDPR. The new Act aims to modernise data protection laws to ensure they are effective in the years to come.

The data protection charge on UK data controllers to support the Act is under the Data Protection (Charges and Information) Regulations 2018. Exemptions from the charge were left broadly the same as for the previous Act: largely some businesses and non-profits internal core purposes (staff or members, marketing and accounting), household affairs, some public purposes, and non-automated processing. The register of fee payers, which excludes those data controllers that are exempt from paying a fee, is publicly available and searchable at the website of the ICO, which also gives links to the ICO's counterparts around Europe.

Data Protection Act 1998

The United Kingdom as a member of the European Union was, and as a former member still is, subject to a strict regime of data protection. The Data Protection Act 1984 created the post then named Data Protection Registrar with whom people processing personal data had to register the fact of their processing of that data on the register of data controllers. Under the provisions of EC Directive 95/46 (introduced in the UK as the Data Protection Act 1998, rather than as an SI under the European Communities Act 1972), the name of the post was changed to Data Protection Commissioner and later to Information Commissioner.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. The GDPR came into force on 25 May 2018 and sets out requirements for how organisations need to handle personal data. It forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). Following the UK's departure from the EU on 31 January 2020, the GDPR continues to be part of British domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018.

Freedom of Information Act 2000 and Environmental Information Regulations 2004

In 2005 the Commissioner's role was expanded to include enforcement of the Freedom of Information Act 2000 and Environmental Information Regulations 2004 and the name of the position was changed from Data Protection Commissioner to Information Commissioner ('IC'). Enforcement of the Freedom of Information (Scotland) Act 2002, which applies to devolved public authorities in Scotland, is the responsibility of the Scottish Information Commissioner, a separate public official, as the British Act does not apply to these authorities.

The ICO issues guidance on Freedom of Information legislation, which is being updated in accordance with its strategic plan 2019/20 - 2021/22, Openness by Design.[15]

Privacy and Electronic Communications Regulations (EC Directive) 2003 (PECR)

In November 2011 the ICO was given the powers to impose monetary penalties of up to £500,000 for breaches of the Privacy and Electronic Communications Regulations (PECR). PECR applies to organisations that wish to send marketing messages through electronic means i.e. phone, fax, email, text; use cookies or provide electronic communication services to the general public. As with the GDPR, these regulations continue to apply following Brexit.

Nuisance calls

In March 2013, commenting on a fine of £90,000 imposed on Cumbernauld fitted kitchen company DM Design for nuisance marketing calls, the Information Commissioner said that "this fine will not be an isolated penalty. We know other companies are showing a similar disregard for the law and we've every intention of taking further enforcement action against companies that continue to bombard people with unlawful marketing texts and calls." In 2014, the Government changed the law to "lower the legal threshold for consumer harm". This made it easier for the ICO to "take enforcement action against more organisations breaching the Privacy and Electronic Communications Regulations (PECR)".

In October 2018 the ICO fined two companies a total of £250,000 that made nearly 1.73 million direct marketing phone calls to people registered with the Telephone Preference Service (TPS). In December 2018, the Commissioner welcomed the new law that means the ICO can now hold company bosses directly responsible and has the power to fine them personally for breaches of the Privacy and Electronic Communications Regulations (PECR).

Environmental Information Regulations 2004

The Information Commissioner is also responsible for appeals made under the Environmental Information Regulations 2004.


Take place
Take place


English business portal includes a huge catalog of organizations in England. Here you can easily find all the necessary information about the company. The organization card contains a page with a detailed description of the company's activities, a logo, contact details and a link to the official website of the organization. The reader can also get acquainted with the company's employees, see the latest press releases and news block, as well as which line of the rating the company occupies. Member Rating The business portal is calculated based on the number of mentions in the news of England and posted press releases containing information about the activities of the organization and its achievements. You can also rise in the ranking by publishing vacancies and the number of registered persons. At the same time, the company's representatives can independently see how many times the company's card has been viewed on, as well as promptly correct the information. We pay special attention to the versatility of the "Companies" section. For your convenience, there is a search bar, as well as an industry title. The English business portal is always an up-to-date database of enterprises in England!
Alena Potapova

Development Director
Died this year
Born this year