skip to main content
Privacy LawsICO Guidance

ICO Guidance

ICO Compliance

Time Remaining

What is the ICO?

The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Under the Data Protection Act 1998, all organisations that process personal information must register with the ICO, who publish the names and addresses of the data controllers. They also include a description of the type of processing each organisation performs. If your organisation processes personal data, failure to register with the ICO is against the law.

Earlier this year, the UK Information Commissioner’s Office (ICO) released new guidance on the use of cookies and similar technologies, providing updated directions for complying with the PECR and GDPR.

The ICO issues monetary penalties of up to £500,000 to those who have broken the Data Protection Act 1998 or breached the terms of the Privacy and Electronic Communications Regulations (PECR). Serious breaches will be met with direct action and failure to comply with the law might lead to enforcement action.

At a high level, here's what you need follow the guidance on consent:
  • Cover each purpose for which personal data will be processed
  • Collect specific, freely given and unambiguous consent to the cookies prior to the cookie being dropped
  • Identify all parties placing cookies, meaning that organizations should name all parties who will rely on users’ consent.
  • Provide an option to withdraw consent
  • Maintain evidence of consent – who, when, how, and what you told users

Who Does the ICO Apply To?

This is not defined by the ICO. It is believed that the ICO might follow the rules given by the ePrivacy. This would mean that its guidance would apply to use of cookies carried out by an established controller or processor that monitors the behavior of individuals in the U.K.  

Solutions to Help Organizations Follow ICO Guidance

Mobile App Compliance

Scan apps for tracking technologies and unknown SDKs, collect app consent, and give both privacy and mobile app development teams visibility into how their app is sharing data with third parties.

How CookiePro Helps
  • Tracking technologies scanner
  • Visual reports to understand the app’s health
  • Communication management settings by product, channel, frequency, etc.
  • Central consent records management and preference database
  • Marketing and IT technologies integration
Mobile app ads
CookiePro DSAR Web Form Editor
Consumer and Subject Request Management

Build and configure web forms to capture data subject requests based on regulation-specific requirements. CookiePro enables you to consolidate your requests and track them through the entire lifecycle to demonstrate compliance.

How CookiePro Helps
  • Request form customization
  • WordPress Do Not Sell plugin
  • Workflow management to respond to requests
  • Built-in response templates to use when communication with users
  • Consolidation of requests to track through the entire lifecycle
CCPA Do Not Sell Laptop Mockup

CookiePro Do Not Sell WordPress Plugin

Download the new CookiePro Do Not Sell WordPress plugin to allow website visitors to opt of the sale of their personal information.

CCPA Do Not Sell WordPress Plugin
[WEBINAR] Prepare for CCPA with CookiePro
Join the CookiePro team for a CCPA preparation webinar on Friday, November 22 at 11:30 pm.
CCPA Compliance Checklist: 8-Week Countdown
Learn about #3 off of our CCPA Compliance Checklist which focuses on the consumer right called the Right to Inform.
Mobile-Responsive Consent Management is Key
With the increase of web browsing on mobile devices and tablets, it's important to partner with a consent management tool that provides...
CookiePro Sponsors Seattle WordPress WordCamp
CookiePro is heading to Seattle to participate in the WordPress WordCamp Seattle to connect with WordPress enthusiasts from around the...