The UK’s privacy regulator’s own website does not conform to GDPR, the authority has admitted.

The Information Commissioner’s Office admitted that its use of cookies, small tracking files used to record information about visits to a website, was not up to standards set by the EU’s strict privacy laws.

The GDPR requires organisations to ask permission before placing these files on someone’s computer, but the ICO’s own website says it relies on “implied consent”.

Adam Rose, a lawyer at Mishcon de Reya, uncovered the flaw after sending in a complaint to the organisation about cookies.

In an email sent to him, the ICO said: “I acknowledge that the current cookies consent notice on our website doesn’t meet the required GDPR standard,” and added that it is in the “process of updating” its procedures to comply.

The GDPR, or General Data Protection Regulation, came into force over a year ago, and caused many businesses to spend thousands of pounds updating their systems in order to ensure that they were compliant.

The law is particularly stringent on the issue of consent, which must be unambiguous and given with the consumer’s full knowledge of what they are agreeing to.

Tough penalties for failing to comply range from €10m (£8.95m), or 2pc of a company’s revenue, to €20m or 4pc of its revenue.

Lawyers and industry experts said the policy suggested the authority, which enforces GDPR in the UK, had failed to conform to the standards it is meant to be upholding.