An opportunity to have your say on how the ICO uses its powers to investigate, regulate and enforce

The Information Commissioner’s Office has launched a consultation on how it regulates the laws it monitors and enforces. The regulator is seeking views on three documents which together set out how the ICO aims to carry out its commitment to uphold information rights for the UK public in the digital age. It forms part of the Government’s reform proposals for a new data regulation regime with key actions for the ICO.

These documents are:

The Regulatory Action Policy (RAP) updates the ICO’s 2018 policy and reinforces its commitment to a proportionate and risk-based approach to enforcement. It explains the factors the ICO will take into consideration before taking regulatory action such as monetary penalties, stop-processing orders or compulsory audits. It also sets out how the ICO promotes best practice and ensures compliance and how it works with other regulators.

The RAP covers all 11 pieces of legislation that the ICO is responsible for including the UK GDPR, Data Protection Act 2018, Freedom of Information Act and the Privacy and Electronic Communications Regulations.

Part B of the draft RAP reminds public authorities of the ICO’s regulatory responsibility under section 47 of the Freedom of Information Act and the regulatory action it can and will take, if required. The RAP also sets out the ICO’s approach to the Re-use of Public Sector Information Regulations which covers how Public Sector Bodies should make public sector information available and how others can re-use it.

The Statutory Guidance sits alongside the ICO’s RAP which together set out how the ICO carries out its mission. The Guidance forms part of the ICO’s statutory obligations under the Data Protection Act that require the ICO to publish guidance on how it exercises its powers. It focuses on the ICO’s data protection responsibilities and provides guidance on how the ICO exercises its regulatory powers when issuing information notices, assessment notices, enforcement notices and penalty notices (section 160), including fixed penalties (section 158). It also details the ICO’s approach to accessing privileged information (section 133).

The third document is the Statutory Guidance on Privacy and Electronic Communications Regulations which sits alongside the RAP and the Statutory Guidance on regulatory action. This Guidance specifically deals with the ICO’s powers under the Data Protection Act in relation to electronic communications like nuisance calls, emails or texts.

You can respond to the ICO’s consultation through an online survey or via email: [email protected]. and by 5pm on 24 March 2022 when the consultation will close.

The ICO expect to publish its final documents by the end of 2022 which will be overseen by the new Information Commissioner, John Edwards who began his new role in January. He succeeds Elizabeth Denham CBE.

Our content explained

Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.

Posted by


Mills & Reeve Sites navigation
A tabbed collection of Mills & Reeve sites.
My Mills & Reeve navigation
Subscribe to, or manage your My Mills & Reeve account.
My M&R


Register for My M&R to stay up-to-date with legal news and events, create brochures and bookmark pages.

Existing clients

Log in to your client extranet for free matter information, know-how and documents.


Mills & Reeve system for employees.