Data protection principles - guidance and resources
-
The Data (Use and Access) Act 2026 got Royal Assent on 19 June 2025. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
The guidance on this page is suitable for large businesses in the public, private and third sectors. Small businesses should use the resources on our small business web hub.
Brief guidance
A guide to the data protection principles
The principles of the UK GDPR and how to apply them in your organisation.
Detailed guidance
Compatibility and the reuse of personal information
Detailed guidance on compatibilty and reusing personal information under the purpose limitation principle.
In your sector
Transparency in health and social care
What is transparency, how to develop and provide transparency information and how to assess whether you are being transparent in the health and social care sector.
Resources
Records management self-assessment checklist
Assess your records management procedures and risks to people’s personal information. Includes record creation, storage and disposal, access, tracking and off-site storage.
Training videos: data protection principles
Recordings of ICO staff training on the data protection principles, available for you to reuse.