Data Protection Act: Information Commissioner and Enforcement

These Parts of the Act concern the function of the Information Commissioner and her powers of enforcement.


Information Commissioner and Enforcement Factsheet

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email Please tell us what format you need. It will help us if you say what assistive technology you use.


The Information Commissioner independently upholds the information rights of citizens in the UK, and is able to enforce sanctions where breaches of regulation occur. These parts of the bill outline the functions of the Information Commissioner in accordance with data protection law, and her powers of enforcement including powers of entry and inspection.

The Act:

  • retains the Information Commissioner as the UK’s independent data protection regulator

  • places a duty on data controllers to notify the Commissioner as well as individuals concerned of data breaches that risk affecting individuals’ rights

  • increases maximum penalties for regulatory breaches from £500k to £17m

  • creates new offences to deal with emerging threats

For more information about the Information Commissioner’s remit please visit the ICO’s website here.

Published 25 May 2018