Information and Data Protection Office

Make a complaint or report
Information and Data Protection Office > Information > Information for organisations and businesses

Information for organisations and businesses

A list of pages published by the Information and Data Protection Office with information for organisations and businesses.

  • Core duties of organisations and authorities

    This page explains the main legal responsibilities of organisations and public authorities that use personal data.

  • Data security and breaches

    This page explains your security and breach response duties under the Freedom of Information and Data Protection Act 2026.

  • Enforcement and sanctions

    This page explains how the Information and Data Protection Office enforces the Freedom of Information and Data Protection Act 2026.

  • Glossary

    This glossary explains key terms used in the Freedom of Information and Data Protection Act 2026. It is for individuals, businesses and organisations and public authorities.

  • Handling individual data rights

    This page explains how controllers must handle requests to correct, delete, restrict or object to the use of personal data under the Freedom of Information and Data Protection Act 2026.

  • Handling Subject Access Requests (SAR)

    This page explains how controllers must recognise, handle and respond to Subject Access Requests under the Freedom of Information and Data Protection Act 2026.

  • Regulator and oversight

    This page explains the role and powers of the Information and Data Protection Office under the Freedom of Information and Data Protection Act 2026.