What is the ICO? The UK's data protection regulator

What the ICO is

The Information Commissioner's Office — almost always shortened to the ICO — is the United Kingdom's independent regulator for data protection and information rights. In plain terms, it is the public body responsible for upholding the rules about how organisations collect, store, and use personal data in the UK.

The ICO is independent of government and reports to Parliament. Being independent matters: it means the regulator can hold both companies and public bodies to account without taking instructions on individual cases. It is led by the Information Commissioner and is funded in large part by the data protection fees that organisations pay to register with it.

If you have ever wondered who you can turn to when an organisation mishandles your personal data in the UK, the ICO is the answer. It is the supervisory authority — the body the law points to as the place to raise a concern. This is general information, not legal advice.

What the ICO actually does

The ICO's role is broad, but it tends to fall into a few clear areas. It oversees the UK's data protection law, keeps a public record of the organisations that are registered with it, publishes guidance, and looks into complaints from members of the public.

Two of these are worth knowing about as an individual. First, the ICO maintains a public register: many organisations that process personal data must pay a data protection fee and register their details, and that register is searchable by anyone. Second, the ICO handles complaints — if you believe an organisation has not handled your personal data properly, you have the right to raise it with the ICO, free of charge.

• Oversees the UK GDPR and the Data Protection Act 2018 — the UK's core data protection rules.
• Maintains a public register of organisations that pay the data protection fee.
• Publishes plain-English guidance for both individuals and organisations.
• Looks into complaints about how organisations have used personal data.
• Can take action against organisations that break the rules, in line with its powers.

The ICO and OSINTA

OSINTA is operated by a registered UK company, OSINTA LTD (Companies House number 17263144). Because the company processes personal data in the UK, it is registered with the ICO under reference ZC174082, valid until 13 June 2027. That registration is a public accountability record: anyone can look it up on the ICO's own register.

We point to the ICO for two reasons. The first is honesty about where we sit — the ICO is our home regulator, and the UK GDPR and the Data Protection Act 2018 are the rules we operate under. The second is that the same regulator stands behind your rights. The right to see your data, to ask for it to be corrected or erased in certain circumstances, and to complain if an organisation gets it wrong are all overseen by the ICO.

OSINTA helps you understand your own digital footprint and frame and route your own data-rights requests — you decide every step. If you are ever unsatisfied with how an organisation, including us, has handled your personal data, the route to the ICO stays open to you. This is general information, not legal advice; for guidance on your own situation, consider speaking with a qualified professional.

Frequently asked questions

Related terms

• Data protection regulator
• GDPR (General Data Protection Regulation)
• Data controller