The purpose of this document is to provide clarity to those we regulate and the public about our chosen approach to statutory regulatory action. This will help the ICO achieve the goals we set out in our Information rights strategic plan.
This document sets out our risk-based approach to taking regulatory action against organisations and individuals that have breached the provisions of data protection law, set out in our aims below. Our focus is on the areas of highest risk and most harm and the principles we apply in exercising our powers