skip to main content
Privacy Laws & FrameworksICO Guidance

ICO Guidance

ICO Compliance

Time Remaining

What is the ICO?

The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Under the Data Protection Act 1998, all organisations that process personal information must register with the ICO, who publish the names and addresses of the data controllers. They also include a description of the type of processing each organisation performs. If your organisation processes personal data, failure to register with the ICO is against the law.

Earlier this year, the UK Information Commissioner’s Office (ICO) released new guidance on the use of cookies and similar technologies, providing updated directions for complying with the PECR and GDPR.

The ICO issues monetary penalties of up to £500,000 to those who have broken the Data Protection Act 1998 or breached the terms of the Privacy and Electronic Communications Regulations (PECR). Serious breaches will be met with direct action and failure to comply with the law might lead to enforcement action.

At a high level, here's what you need follow the guidance on consent:
  • Cover each purpose for which personal data will be processed
  • Collect specific, freely given and unambiguous consent to the cookies prior to the cookie being dropped
  • Identify all parties placing cookies, meaning that organizations should name all parties who will rely on users’ consent.
  • Provide an option to withdraw consent
  • Maintain evidence of consent – who, when, how, and what you told users

Who Does the ICO Apply To?

This is not defined by the ICO. It is believed that the ICO might follow the rules given by the ePrivacy. This would mean that its guidance would apply to use of cookies carried out by an established controller or processor that monitors the behavior of individuals in the U.K.  

Solutions to Help Organizations Follow ICO Guidance

Mobile App Compliance

Scan apps for tracking technologies and unknown SDKs, collect app consent, and give both privacy and mobile app development teams visibility into how their app is sharing data with third parties.

How CookiePro Helps
  • Tracking technologies scanner
  • Visual reports to understand the app’s health
  • Communication management settings by product, channel, frequency, etc.
  • Central consent records management and preference database
  • Marketing and IT technologies integration
Mobile app ads
CookiePro DSAR Web Form Editor CCPA Data Subject
Consumer and Subject Request Management

Build and configure web forms to capture data subject requests based on regulation-specific requirements. CookiePro enables you to consolidate your requests and track them through the entire lifecycle to demonstrate compliance.

How CookiePro Helps
  • Request form customization
  • WordPress Do Not Sell plugin
  • Workflow management to respond to requests
  • Built-in response templates to use when communication with users
  • Consolidation of requests to track through the entire lifecycle
CCPA Do Not Sell Laptop Mockup

CookiePro Do Not Sell WordPress Plugin

Download the new CookiePro Do Not Sell WordPress plugin to allow website visitors to opt of the sale of their personal information.

CCPA Do Not Sell WordPress Plugin
Countdown to CCPA: Cookies Master Class...
Check out our webinar series to learn how you need to manage cookie consent prior to the CCPA 2020 deadline.
Cookies 2019 Year in Review: ICO
In our weekly Cookies 2019 Year-in-Review blog series, we’re covering headlines that were made from regulations in 2019 about privacy...
CCPA Compliance Checklist: Three-week...
This week in our CCPA Compliance Checklist blog series, we’ll review how to use our product to respond to consumer requests.
CCPA Opt-Out Requirement Solutions
The CCPA Do Not Sell rule gives consumers the right to opt out of the sale of their personal information. Here's how to make sure you...
popup close button