Our guidance is designed to help and support you to comply with the laws we regulate, and to help people understand their information rights.
As well as detailed formal guidance and Codes of Practice, we also produce checklists, toolkits and position papers. We create all our guidance with you in mind, making it as simple as possible for you to use.
On this page you’ll find information about all the guidance that we’re working on. You’ll see what we’re developing and when we expect to publish. And we’ll give you regular updates here so that you can confidently track a product as it develops.
Guidance in development
Click to expand the list of guidance in development
- Recruitment and selection guidance
- Employment Records guidance
- Privacy Notice Generator
- Data Protection Audit Framework
- FOI Section 41 - Information provided in confidence
- Guidance on the use of storage and access technologies
- Consumer Internet of Things guidance
- Cloud Computing guidance
- FOI Datasets (sections 11, 19 & 45)
- Right of access detailed guidance
- Direct Marketing Tool
- Encryption guidance
- Scanning Children's fingerprints in school guidance
- Domestic CCTV guidance for the Public
- Handling Cyber Incidents
- International Transfers guidance
- 'I'm worried that my information has been shared, what should I do?' guidance
- Substantial Public Interest Conditions – Guidance Update
- Profiling and Behaviour ID Tools for Online Safety
- ICO-CMA Position Paper on Foundations Models
- FOI - Reduce the inappropriate use of exemptions and empower the public to know when they can press for more
- Part 3 Law Enforcement Guidance
- Police and justice guidance for the public
- Self–service - Subject Access Request – user journey
- Consent or Pay public-facing policy position
- Data sharing for scams and frauds case studies
- Joint Guidance: How to build equality & data protection in your AI procurement process: A Guide for Councils in England
- Sharing Information to Safeguard Children Sector Guidance
- Anonymisation & Pseudonymisation guidance
- How to disclose information safely
- Data protection basics
- Identity theft
- Spam texts
- Spam emails
- Special category data - detailed and in brief
Guidance stages explained
Drafting – During this stage we pull together all relevant information and create a structured draft.
Internal consultation – We share the draft with teams across the office who can help us to improve and refine the guidance, provide specialist input and make sure our guidance is consistent.
Redrafting (following internal consultation) – We take all the feedback we’ve received from our internal consultation and use it to improve our draft, before we share it more widely.
Public consultation (optional) – In most cases we carry out a public consultation on the draft guidance, before we publish the finished product. This helps us understand the needs of stakeholders and the public. To understand more about how and when we do this, you can read our consultation policy.
Redrafting (following public consultation) – We make changes to the draft guidance to clarify issues and meet the needs of our audience.
Review and sign off – We carry out a final review, before sign off and publication.
Withdrawn - Occasionally we decide to not proceed with a guidance project. If so, we mark it as withdrawn for two months, before removing it from this page. If we decide to revisit an issue, we add a new entry to this page.
Guidance on the use of storage and access technologies
Updated guidance on the use of storage and access technologies.
Stage: Review and sign off
Due for publication: Winter 2025
Further information: Updated guidance for online service providers using storage and access technologies on our expectations for compliance with PECR (and, where the use of these technologies involves personal data processing, the UK GDPR).
'I'm worried that my information has been shared, what should I do?' guidance
Guidance to help the public understand what they should do if they are affected by a data breach.
Stage: Published
I’m worried about how an organisation has handled my information, what should I do?
Substantial Public Interest Conditions – Guidance Update
Update on the ICO’s existing guidance on the substantial public interest (SPI) conditions.
Stage: Drafting
Due for publication: Winter 2025
Further information: Adding additional content to explain how these conditions work. We are also developing a tool for users.
Joint Guidance: How to build equality & data protection in your AI procurement process: A Guide for Councils in England
Guidance to help local authorities comply with the Public Sector Equality Duty and Data Protection law when procuring and contracting out AI-based -technologies.
Stage: Drafting
Due for publication: Spring 2025