ICO Guidance on Individual Rights and GDPR
Summary
The UK's Information Commissioner's Office (ICO) has updated its guidance on individual rights under GDPR. This update is in anticipation of the Data (Use and Access) Act 2025 and indicates that further changes may occur. The guidance is primarily aimed at large businesses.
What changed
The Information Commissioner's Office (ICO) has issued updated guidance concerning individual rights under the UK GDPR. This guidance is currently under review due to the upcoming Data (Use and Access) Act 2025, with potential for further revisions. The document provides detailed information on privacy notices, subject access requests (SARs), the right to be informed, automated decision-making, and profiling, alongside resources for businesses.
While this guidance is non-binding, it outlines best practices for compliance with data protection regulations. Organisations, particularly large businesses in the public, private, and third sectors, should review this guidance to ensure their data handling practices align with current and anticipated requirements. Small businesses are directed to separate resources. The ICO has indicated that this guidance may be subject to change as legislative developments occur.
Source document (simplified)
Individual rights - guidance and resources
- Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen. The guidance on this page is suitable for large businesses in the public, private and third sectors. Small businesses should use the resources on our small business web hub.
Brief guidance
A guide to individual rights
Brief guidance covering privacy notices, subject access requests, deleting and changing information, stopping and restricting processing, moving information and making automated decisions about people.
Detailed guidance
The right to be informed (privacy notices)
When, how and what should you tell people about how their information is used.
The right of access (subject access requests)
What is a subject access request (SAR), how to recognise them, when and how to respond to them and how to manage health, social work and education information in relation to SARs.
Automated decision-making and profiling
What is automated individual decision-making and profiling, and what does the UK GDPR say about when and how you can carry out automated decision-making?
Resources
Better records together - our care records standards
Care records standards for organisations that hold or create care records and respond to requests for access to those records.
Find Subject Access Request (SAR) resources
A quick reference guide to help you find the content you need on each subject access request topic.
Training videos: individual rights
Recordings of ICO staff training on the data protection principles, available for you to reuse.