United Kingdom: Information Commissioner's Office issued guidance on compatibility and reuse of personal information

On 23 March 2026, the Information Commissioner's Office issued guidance on the compatibility of reusing personal information under the UK General Data Protection Regulation. It explains how the purpose limitation principle applies when controllers seek to use data for a new purpose. The guidance outlines conditions in Annex 2 under which certain reuses are automatically considered compatible with the original purpose, without requiring a separate assessment. These include, for example, disclosures for public tasks, archiving, public security, emergencies, crime prevention, vital interests, safeguarding, taxation, and compliance with legal obligations. In all cases, controllers must ensure that the reuse is necessary and proportionate and identify an appropriate lawful basis. Where the original processing relied on consent, controllers should assess whether obtaining fresh consent is reasonable before relying on an Annex 2 condition. The guidance is intended for data protection officers and others responsible for compliance in larger organisations.