The Data Protection Act

The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

There is stronger legal protection for more sensitive information, such as:

There are separate safeguards for personal data relating to criminal convictions and offences.

Your rights

Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:

You also have rights when an organisation is using your personal data for:

Find out what data an organisation has about you

Write to an organisation to ask for a copy of the information they hold about you.

If it’s a public organisation, write to their Data Protection Officer (DPO). Their details should be on the organisation’s privacy notice.

If the organisation has no DPO, or you do not know who to write to, address your letter to the company secretary.

How long it should take

The organisation must give you a copy of the data they hold about you as soon as possible, and within 1 month at most.

In certain circumstances, for example particularly complex or multiple requests, the organisation can take a further 2 months to provide data. In this case, they must tell you:

When information can be withheld

There are some situations when organisations are allowed to withhold information, for example if the information is about:

An organisation does not have to say why they’re withholding information.

How much it costs

Requests for information are usually free. However, organisations can charge an administrative cost in some circumstances, for example if:

Make a complaint

If you think your data has been misused or that the organisation holding it has not kept it secure, you should contact them and tell them.

If you’re unhappy with their response, you can make a complaint to the Information Commissioner’s Office (ICO) or get advice from the ICO.

ICO
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
Find out about call charges

Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire
SK9 5AF

You can also chat online with an advisor.

The ICO can investigate your claim and take action against anyone who’s misused personal data.

You can also visit their website for information on how to make a data protection complaint.

Did you find this page useful?

Dislike sign