ICO (Information Commissioner's Office)
The UK's independent supervisory authority for data protection, responsible for enforcing UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations.
How it works
The ICO is the regulator UK businesses interact with on data protection matters: ICO registration is mandatory for most data controllers, breach notifications are made to the ICO within 72 hours, and the ICO investigates and enforces against breaches with fines up to £17.5 million or 4 percent of global turnover. The ICO has published specific guidance on AI: the Guidance on AI and Data Protection covers fairness, transparency, lawfulness, accountability, security, and individual rights as they apply to AI systems. For UK businesses deploying AI on personal data, ICO-aligned architecture is not optional. Ayoob AI is ICO-registered, and every system we ship is designed against the ICO AI guidance.
Related terms
UK GDPR
The UK's data protection regime as established by the Data Protection Act 2018, retaining the substantive requirements of EU GDPR after Brexit, governing how personal data is collected, processed, stored, and shared.
Data Protection Impact Assessment (DPIA)
A formal assessment required under UK GDPR before processing personal data in ways likely to result in high risk to individuals, documenting the necessity, proportionality, and mitigation of identified risks.
Subject Access Request (SAR)
A legal right under UK GDPR for an individual to request a copy of the personal data an organisation holds about them, with a one-month statutory response deadline.
Want to see this technology in action?
Book a Discovery Call