Government to announce timeline for Information Commission transition in weeks

In a session at the IAPP Data Protection Intensive conference in London this week, Paul Arnold, Chief Executive Officer at the Information Commissioner's Office (ICO), provided an update on the operational changes that will take place at the regulator. Under reforms contained in the Data (Use and Access) Act 2025 (DUA Act), the ICO will move from a corporation sole to a board-governed body known as the Information Commission (IC). This new structure will bring the regulator into alignment with other UK regulators, such as the  Office of Communications, the Financial Conduct Authority, and the Competition and Markets Authority. A new chair will be recruited at the end of the year once the current Information Commissioner's term ends. The incoming Board will be publicly appointed, and Arnold will continue to serve as chief executive, leading operational decision-making. 

Arnold noted that the new Board model will promote greater continuity and prevent what he referred to as the "cliff edge" that occurs at the end of a commissioner's term. He explained that the new structure is expected to promote more robust governance and bring a wider range of perspectives to the Board. The terms of Board members will also be staggered to ensure ongoing stability.

The UK government is expected to finalise the timeline for this transition within the coming weeks. 

In addition to the governance changes, Arnold discussed the regulator's future strategic direction as the ICO25 strategy reaches its conclusion. The Information Commission intends to focus on several core themes, including promoting trust and responsible data use, enabling innovation and bolstering the public's confidence in how data is used.

Training Announcement: Freevacy offers a range of independent data protection qualifications from IAPP and BCS. Our certified courses are available at foundation and practitioner levels and cover multiple legal jurisdictions, data protection operations management, and the implementation of complex privacy solutions in technical environments. Find out more.