ICO & DPC observations

The ICO & The DPC

reviews & observations 


Working with ICO

"Work continues on further development of a second version of the SME toolkit. We are also working with a third party, The Outcomes Partnership..." Business & Industry Sector, Good Practice, Information Rights Report (Page 18)

Get more details →

Evaluation by ICO

"The ICO agree that your GDPR templates add significant additional functionality and integration options to the ICO SME Self-Assessment Data Protection toolkit."

Get more details →

Approval by ICO

"Agreed authorisation and approval from the ICO to present our GDPR compliance toolkit for SMEs, as being compliant with ICO requirements and standards."

Get more details →

Review by ICO

The Children's Code 

"The reviewing panel felt that as a code conformance tool the DPIA toolkit was very helpful."


"The Children's Code design guidance tool looks like it could be a useful way to ensure you consider the code design challenges in practice."


Get more details →

DPC observations & comments 2022

  • The DPC welcomes and has no concerns in using Child-Orientated or Child-Specific DPIA templates. 
  • The DPC welcomes any organisation that encompasses the use of the Fundamentals for a Child-Oriented Approach to Data Processing as guidance in their approach to processing children's data as published by the DPC and how organisations should consider these principles and outline measures they have considered to meet any of these principles.
  • The DPC welcomes the use and consideration of any of our published DPC DPIA guidance in the template. 
  • The DPC welcomes the reference in your template to EDPB guidelines on Data Protection Impact Assessments (DPIAs) and, in particular, Annex 2 – Criteria for an Acceptable DPIA.
  • The DPC does not have any observations on the ICO DPIA Template as it would be inappropriate.


Get more details →

DPC observations & comments 2022

"Between the guidelines on The Fundamentals from the DPC and the template form from the ICO UK, organisations you deal with will be better positioned to have a structured DPIA in place to process children's data. This, coupled with the examples of data protection by design and default in the Fundamentals (7.3), will be a good starting place for a controller or organisation that intends to process children's data." 

Get more details →

DPC engagement & consultation 2022

"We are pleased that you have taken our observations on board and that you found them useful.

Please note that, in line with our statutory powers, functions and duties under inter alia the GDPR and the Data Protection Act 2018, a core objective of the DPC is to drive improved awareness and compliance by data controllers and processors with data protection legislation, including through consultation and engagement with same.

Given that the DPC has now provided several rounds of observations on your DPIA template spanning several months, we are satisfied that we have thoroughly acquitted our consultation function in relation to same".

Get more details →
Share by: