Data Protection Act

Your responsibilities and obligations to data protection

If you handle personal information about individuals, you have a number of legal obligations to protect that information under the Data Protection Act 1998.

Find out answers to key questions, notify with us, and read our guidance - including topic guides on the right hand side.

Key questions

• How do I respond to a subject access request?
• Can I send personal data overseas?
• What security measures should I take to protect the personal data I hold?
• What should I do if I lose personal data?
• How can I work with the ICO to improve my processing of personal data?

Guide to Data Protection

Our Guide to Data Protection contains definitions, principles and practical examples.

Guidance index

A full list of our data protection guidance is available in our guidance index.

Need to notify under the Data Protection Act?

The Data Protection Act 1998 requires every organisation processing personal data to notify with the ICO, unless they are exempt. Find out whether you need to notify, how to notify, and how to maintain your register entry.

Useful items

Member of the public?
Find out how to protect and manage your personal information.
Legislation
Read the full text of the legislation covered by the ICO.
Sector guides
Where do you work? We’ve produced a set of sector specific guides.

FAQs

Read all our FAQs

Quick links

Search