In October 2024, the Information Commissioner’s Office (ICO) approved the UK GDPR Code of Conduct for Investigative & Litigation Support Services (the Code), which was developed by the Association of British Investigators (ABI). The Code is the first UK GDPR code of conduct approved by the ICO and represents a significant step forward in options for demonstrating compliance with complex areas of data protection law.

This article examines how UK GDPR codes of conduct (or codes) work, details the Code team’s experience of the challenges in getting the first Code passed, gives practical suggestions to tackle these hurdles, and analyses the prospects for more codes in the future.