In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Our Strategic Plan sets out our regulatory focus:
We believe that we can be an effective regulator by ensuring we take action in four areas in relation to data harms:
Intelligence gathered from our 'detect' and 'enforce' helps us predict where the potential for harm is.
Knowing where there is potential for harm allows us to raise awareness and empower citizens to try to prevent harms from happening. We do this awareness-raising via
When data harms have occurred we must have effective mechanisms for individuals affected to make a formal complaint about an organisation, and we must have a mechanism that allows controllers/processors to report a data breach to us.
Enforcement action is the last resort, and cannot undo the harm that has occurred. Where we find that an organisation has not complied with their statutory obligations, our findings will be made public here on this page* as this allows other organisations to learn from what went wrong.
* unless to do so would cause further harm to the complainants