UK names SSAIB monitor
The UK’s ICO approved SSAIB as an accredited monitoring body and set a June 1 deadline for organisations to publish public complaints processes under the updated regime. (x.com) The announcement was posted alongside guidance about increased monitoring and reporting expectations. (x.com)
Britain’s data watchdog has approved SSAIB as the first accredited body to police a UK General Data Protection Regulation code of conduct. (ssaib.org) The Information Commissioner’s Office approval lets the Security Systems and Alarms Inspection Board monitor compliance with the Association of British Investigators’ UK GDPR code for investigative and litigation support services. SSAIB said the accreditation was granted in December 2025 and applies only to that code. (ssaib.org) Under Article 41 of the UK GDPR, private-sector codes of conduct can be overseen by an independent monitoring body, but only after that body is accredited by the ICO. The ICO’s guidance says those bodies must show expertise, independence, complaint-handling procedures and governance strong enough to avoid conflicts of interest. (ico.org.uk, ico.org.uk) The move lands as the ICO is also preparing organisations for a new complaints-handling regime under the Data (Use and Access) Act. The ICO says organisations must have a process for handling data protection complaints, with the new requirements taking effect on 19 June 2026. (ico.org.uk) That guidance says organisations must give people a way to complain, acknowledge complaints within 30 days, investigate without undue delay, keep complainants informed, and communicate an outcome without undue delay. The ICO published the final version of that guidance on 12 February 2026. (ico.org.uk) Law firms tracking the change say a separate duty to make the complaints process publicly accessible starts on 1 June 2026, ahead of the broader 19 June 2026 commencement date cited in the ICO’s guidance. Willans said the new process becomes the first step before a person can escalate a data-protection complaint to the ICO. (willans.co.uk) The code system itself is voluntary. The ICO says sector bodies create codes to translate general data-protection rules into practical standards for a profession, and signing up can help organisations show accountability and apply the law in a way that fits their work. (ico.org.uk) SSAIB is best known as a certification body in security, fire and monitoring systems, not as a privacy regulator. On its site, it says it is a UKAS-accredited certification body founded in 1994 and operating on a not-for-profit basis. (ssaib.org) SSAIB said it plans to begin accepting applications from May 2026. That gives investigative and litigation-support firms a route into formal code monitoring just weeks before the UK’s new complaints rules start to bite. (ssaib.org, ico.org.uk)
