Skip to content
CIFAS Marker Removal UK
Stage 4

Information Commissioner's Office (ICO)

UK data protection regulator

The ICO is the UK's independent authority for data protection. A CIFAS marker is personal data on the National Fraud Database. If the institution's Data Protection Officer fails to respond to your Subject Access Request within 30 days, that is a GDPR breach. The ICO investigates data protection complaints and creates regulatory pressure on institutions.

Visit ICO website →

What ICO can do

  • Investigate data protection complaints
  • Issue enforcement notices for GDPR breaches
  • Create regulatory pressure on institutions
  • Investigate failures to respond to Subject Access Requests
  • Strengthen your position for a court claim

What ICO cannot do

  • Order marker removal directly
  • Award compensation — that requires court
  • Act as quickly as you might need
  • Investigate every complaint individually (they triage)

Key facts

Investigates SAR breaches (30-day deadline)
Can issue fines for GDPR non-compliance
An active ICO complaint strengthens court claims
Many institutions settle once ICO is involved

Need help with a CIFAS marker complaint?

The system supports your case through every stage — including ICO.

Start Your Case