Teaming up with... AVIVA

Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

We hope you find the Updates useful. If you are
interested in subscribing to our affordable
ABC compliance support package, please
email us at ABC@ukgigroup.com or
call UKGI on our dedicated ABC
contact line 01925 767893.

ICO calls for views on enforcement procedural guidance

Nov 7, 2025 | ICO

Link(s):ICO call for views on enforcement procedural guidance | ICO
ICO consultation on data protection enforcement procedural guidance | ICO
SG on our regulatory action
Guide to Law Enforcement Processing | ICO

Context

The ICO is calling for views on new guidance setting out how it approaches investigations and takes enforcement action. The consultation will run for 12 weeks until Friday 23 January 2026.  It has also confirmed that it has updated the ‘Principles’, ‘Logging for law enforcement’ and ‘National security exemption’ sections of its Guide to Law Enforcement Processing , to reflect amendments from the Data (Use and Access) Act.

Key points to note and next actions

The guidance aims to increase transparency about the process followed when the ICO suspects an organisation has failed to comply with its legal obligations to protect people’s personal information under the UK General Data Protection Regulation and Data Protection Act 2018. 

The guidance includes explanations covering: 

  • How the ICO decides whether to open an investigation and the other ways it may seek to resolve any concerns.
  • What to expect from the ICO during an investigation.
  • How the ICO will use information gathering powers, including new powers under the Data (Use and Access) Act 2025 to require people to answer questions and organisations to provide reports. 
  • How the ICO decides on the outcome of an investigation and use of enforcement powers, such as warnings, reprimands, and enforcement and penalty notices.
  • When the ICO considers settlement with a reduced fine is appropriate and the process involved. 

When finalised, the new guidance will sit alongside the ICO’s Data Protection Fining Guidance published last year. The Data (Use and Access) Act 2025 also includes provisions that will bring the ICO’s investigatory and enforcement powers under the Privacy and Electronic Communications Regulations 2003 (PECR) broadly into line with its powers under the data protection legislation.  

You can respond to the consultation by completing the online survey, available through Citizen Space.

Alternatively, you can download the consultation questions and either email your response to epg@ico.org.uk (as a Word document or text-searchable PDF) or print your response and post it to: 

  • DP Enforcement Procedural Guidance Team (Legal Service), Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF