Information Commissioner meaning

The general (that is, not linked to specialist fields such as law enforcement) data protection laws in the UK consist of: Assimilated Regulation (EU) 2016/679 — the UK General Data Protection Regulation (UK GDPR), a version of Regulation (EU) 2016/679 (EU GDPR) incorporated into UK law following Brexit; the relevant provisions of the Data Protection Act 2018 covering general personal data processing, the powers of the Information Commissioner, and sanctions and enforcement. For further detail, see Practice Note: The UK General Data Protection Regulation (UK GDPR). UK GDPR The UK GDPR sets requirements for anyone who processes personal data—covering both data controllers and data processors. An Insolvency Practitioner (IP) may act in either or both capacities. Their duties stem both from their formal appointments and from any position they hold within an organisation. In the former context, they will handle data controlled by the insolvent individual or entity, as well as information they obtain during the course of the...

The EU General Data Protection Regulation (EU GDPR) sets out several rights for data subjects, including the right to access their personal data, and rights to rectification, erasure, restriction of processing and data portability. Data subjects may ask an organisation to exercise one or more of these rights at any time, and strict deadlines apply to meeting such requests. For comprehensive guidance on managing data subject access requests, see Practice Note: Ireland-How to handle data subject access requests. This Flowchart outlines a process for dealing with data subject requests made under the EU GDPR. It reflects the Regulation’s requirements alongside guidance issued by the Data Protection Commissioner (DPC), and should be read with Practice Note: Ireland-How to handle data subject access requests and Ireland-Evaluating a data subject access request-flowchart, where relevant. Note 1-data subject requests The EU GDPR grants data subjects a number of rights, including: a right of access to their personal data rights to rectification, erasure and restriction of processing a...

In this issue: Air emissions and climate change Contamination and pollution Energy efficiency and buildings Energy for environmental lawyers Environmental information Environmental taxes, reliefs and incentives ESG and sustainability Hazardous substances and chemicals Nature, biodiversity and habitat conservation Waste Water, flooding and drainage Daily and weekly news alerts New and updated content Air emissions and climate change Greenhouse Gas Removals (GGR)-UK government publishes Business Model documentation On 27 August 2025, the Department for Energy Security and Net Zero (DESNZ) released a suite of papers on its proposed Greenhouse Gas Removals (GGR) Business Model and accompanying policy. The Lexis+ Energy team, working with Navraj Singh Ghaleigh, Senior Lecturer in Climate Law at the University of Edinburgh Law School, set out the context for the GGR Business Model; its relationship with the Power BECCS Business Model; the technologies the GGR framework intends to encompass; its legal footing and principal features; and how...

In this issue: Horizon scanning Directors Status and worker categories Cross-border, international and jurisdictional issues Recruitment Protected characteristics Prohibited Conduct (discrimination etc) Diversity and gender pay gap Maternity, parents and carers Financial services and banking: employment issues Data protection and employee information Bribery, modern slavery, tax evasion and fraud Employment Tribunals Scotland Ireland LexTalk®Employment: a Lexis®Nexis community Dates for your diary Trackers New Q&As Employment resources on Lexis+® Daily and weekly news alerts Horizon scanning BTC launches call for evidence on Employment Rights Bill The Business and Trade Committee (BTC) has opened its first request for evidence for a new inquiry into the Employment Rights Bill (ERB). The inquiry will collect written and oral submissions to steer the Bill’s subsequent passage through Parliament and to gauge whether it is set to meet its stated aims. Written evidence should be submitted by Friday...

Abbot v The Information Commissioner [2024] UKFTT 478 (GRC) What are the practical implications of this case? This ruling mirrors the approach in other recent decisions on the operation of the exception to disclosure under EIR 2004, SI 2004/3391, reg 12(5)(b), again stressing the considerable weight that legal professional privilege carries within our justice system. It therefore highlights the obstacles applicants will encounter when attempting to access documents protected by legal professional privilege, and that only ‘special or unusual’ circumstances are likely to be sufficient for the public interest in disclosure to prevail over the interest in preserving legal professional privilege. That said, legal professional privilege was not the Tribunal’s only concern when concluding that EIR 2004, SI 2004/3391, reg 12(5)(b) applied. The Tribunal indicated that the exception would have been engaged even without legal professional privilege, particularly because releasing the material would not have added anything of substance to what is already in the public domain. As such, the analysis turned on whether disclosure would materially add...

STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, transforming into the Data (Use and Access) Act 2025 (DUAA 2025) and taking partial effect on that same date. Provisions of DUAA 2025 dealing with issues such as handling data subject access requests, and granting the power to make further regulations, commenced immediately on 19 June 2025. Other elements, relating to notices issued by the Information Commissioner and certain facets of law enforcement processing, began to apply on 19 August 2025 (being two months from the date of Royal Assent). The bulk of DUAA 2025’s measures will only commence once additional regulations, by way of statutory instruments, are made and brought into force. Parts 5 and 6 of DUAA 2025 operate to revise and update areas of UK data protection and ePrivacy law within the UK, including the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations...

ARCHIVED: This archived Practice Note outlines the data protection framework prior to 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). It is provided for background reference only and is not maintained. Information Commissioner Under the DPA 1998, the Information Commissioner and officials at the Information Commissioner’s Office (ICO) are responsible for enforcement. The Commissioner reports directly to Parliament. promote sound practice and compliance with the DPA 1998 by data controllers publish information and provide advice produce codes of practice international co-operation: with the European Commission and supervisory authorities in other European Economic Area (EEA) states in respect of the United Kingdom’s international obligations concerning the Council of Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data The ICO has issued a guide to data protection to support data controllers. The ICO website also provides numerous...

Practice Note This Practice Note consists of two strands created to help dispute resolution practitioners remain up to date with developments in case law that affect their field, or which influence civil litigation procedure more generally: selected forthcoming appeals to the Supreme Court are highlighted below; see Key forthcoming appeals to the Supreme Court—2022 summaries of significant appeal decisions in England and Wales (ie rulings of the Court of Appeal and Supreme Court and, where appropriate, certain judgments of the Competition Appeal Tribunal, Judicial Committee of the Privy Council, Court of Justice of the European Union), and ECtHR, which we have covered; see: Key forthcoming appeal cases—2022 You can navigate this content using the table of contents in the left-hand margin. Alternatively, search this tracker using [CTRL]+[F]. This material is not intended to be a comprehensive register of every appeal or major decision relevant to dispute resolution practitioners. Key forthcoming appeals to the Supreme Court—2022 Tort and negligence ...

STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, transforming into the Data (Use and Access) Act 2025 (DUAA 2025), with partial commencement on that very same day. A number of DUAA 2025 provisions, covering areas like handling data subject access requests and granting powers to make additional regulations, took effect immediately on 19 June 2025. Other related provisions, relating to Information Commissioner notices and certain aspects of law enforcement processing, commenced on 19 August 2025 (being two months from the date of Royal Assent). The majority of DUAA 2025’s measures still require further regulations, in the form of statutory instruments, to be made in order to bring them fully into force. Parts 5 and 6 of DUAA 2025 serve to amend several facets of data protection and ePrivacy law in the UK, including the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI...

FORTHCOMING CHANGE On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, thereby transforming into the Data (Use and Access) Act 2025 (DUAA 2025) and taking partial effect immediately on that same day. Parts 5 and 6 modify elements of UK data protection and ePrivacy law across the domestic framework, expressly covering the United Kingdom General Data Protection Regulation, the Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426, as relevant measures. Some DUAA 2025 measures, addressing issues like handling data subject access requests and granting authority to make further regulations, also commenced straightaway on 19 June 2025 without delay. Other elements, relating to notices from the Information Commissioner and certain facets of law enforcement processing, take effect on 19 August 2025 (two months after Royal Assent was given). Most DUAA 2025 provisions depend on subsequent regulations (as statutory instruments) being made before they commence and, until then, remain dormant...

STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill obtained Royal Assent and became the Data (Use and Access) Act 2025 (DUAA 2025), with parts commencing that day. Measures that started immediately on 19 June 2025 included those on handling data subject access requests and the grant of powers to make further regulations. Other elements, relating to notices issued by the Information Commissioner and particular aspects of law enforcement processing, began on 19 August 2025, two months after Royal Assent. The bulk of DUAA 2025 will only take effect once additional regulations—issued as statutory instruments—are made to commence them. Parts 5 and 6 of DUAA 2025 introduce amendments to the UK’s data protection and ePrivacy regime, including: the United Kingdom General Data Protection Regulation; the assimilated Regulation (EU) 2016/679 (UK GDPR); the Data Protection Act 2018; and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426...

We have concentrated specifically on sections 108–110 of the Digital Economy Act 2017 (DEA 2017) and sections 132–133 of the draft Data Protection Bill 2017 (DPB 2017) for the purposes of this Q&A. Part III of the Data Protection Act 1998 (DPA 1998) obliges data controllers who handle personal data to notify the Information Commissioner of their processing for inclusion in the register maintained by the Information Commissioner’s Office (ICO). Controllers seeking to register must pay an applicable fee. For further details, consult the Data Protection (Notification and Notification Fees) Regulations 2000, SI 2000/188, and official guidance from the Information Commissioner...