We hope you enjoy discovering more about our work,
wide range of career opportunities and the exciting future
we could offer you.



Opportunities with the ICO

Second headline

Paragraph or location

About Information Commissioner's Office

Who we are and what we do

The ICO is a statutory regulator independent of government, set up to uphold the information rights of UK people.

We are responsible for 11 pieces of legislation in total, although we are most associated with ensuring individuals’ data privacy through the Data Protection Act, promoting openness in public bodies through the Freedom of Information Act and tackling the blight of nuisance calls through the Privacy and Electronic Communications Regulations.

From 25 May, we will regulate the General Data Protection Regulation (GDPR) and the new UK Data Protection Act that is currently going through Parliament.

We educate, advise and raise awareness of information rights on a national and global level. Where necessary we invoke our powers to take enforcement action against organisations that consistently, deliberately or negligently fail to comply with the law.

Our Head Office is based near Manchester in Wilmslow, Cheshire. And we have regional bases in Edinburgh, Cardiff and Belfast as well as an office in London.

Our mission

Our Information Rights Strategic Plan sets out the Commissioner’s mission for her term of office up until March 2021. You can read her blog post about it here.

You can read the full plan here but, in short:

  • It commits us protecting the public in a digital world.
  • It commits us to leading implementation and effective oversight of the GDPR and other data protection reforms like the e-privacy Regulation and Law Enforcement Directive.
  • It commits us to exploring innovative and technologically agile ways of protecting privacy. To this end, we’ve just published our first ever Technology Strategy which you can read here.
  • It commits us to strengthening transparency and accountability and promoting good information governance.
  • It commits us to maintaining and developing our influence within the global information rights regulatory community. You can read our International Strategy here.
  • And it commits us to providing a world class reporting, assessment and investigation service to ensure UK citizens are protected from harm caused by cyber attacks.
What we do

You can read about the legislation we regulate here.

From 25 May, the General Data Protection Regulation (GDPR) and the new UK Data Protection Act that is currently going through Parliament will replace the Data Protection Act 1998.

The GDPR is the centrepiece of a package of EU data protection reforms and brings a 21st century approach to data protection legislation. It provides greater protections for the public and enhanced obligations for organisations.

We have provided a range of resources to help organisations comply including a Guide to the GDPR and bespoke tools for small organisations and specific sectors such as health, schools and local government.

The Information Commissioner has also written a series of blogs to bust some of the myths around the GDPR such as heavy fines, excessive burden and the importance of recognising compliance with the new law as an ongoing process.

The Information Commissioner

Elizabeth Denham was appointed UK Information Commissioner in July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada and Assistant Privacy Commissioner of Canada.

In 2018, she was named as the most influential person in data-driven business in the DataIQ 100 list.

You can read more about her background, achievements and aspirations here. You’ll also find links to speeches she has delivered and blogs she has written.

Elizabeth heads up the ICO’s management board.

Taking action

We prefer education, engagement and encouragement over enforcement. But we have a range of tools at our disposal to change the behaviour of organisations and individuals that do not comply with the law.

Under the GDPR, we will have the power to fine up to £17million or 4 per cent of an organisation’s global turnover, whichever is greater.

Recent action taken over nuisance calls can be found here.

Recent action taken over data protection breaches can be found here.

Information about other types of action including criminal prosecutions can be found here.

We are developing a new Regulatory Action Policy which will be formally presented at our annual conference for Data Protection Practitioners on 9 April.

Media and communications

We raise the profile of our advisory work, achievements and regulatory action through the full range of print, online, broadcast and social media.

You can read our press releases here.

We have 52,000 followers on Twitter, 24,000 on LinkedIn and 5,000 on Facebook. Our monthly e-newsletter is received by 150,000 subscribers. You can read current and back issues here.

About ICO