ICO guidelines. Know your GDPR rights


Unless you have been living under a rock, you will have heard about the General Data Protection Regulations (GDPR). Under the GDPR, any organisation that handles personal information such as names, email addresses, phone numbers, and payment details has to put robust measures in place to keep this safe.

The GDPR forms part of the data protection regime in the UK and works alongside the new Data Protection Act 2018.

The more you know about the GDPR, the easier it is to make sure you hold organisations to account when it comes to keeping your data safe.

On the Information Commissioner’s Office (ICO) website you can find a wealth of information and advice on the GDPR.

For example, did you know that you have the following rights?

The right to be informed if your personal data is being used

This includes things like why an organisation is using your data, how it is using it, what type/types of data it is using, how long the data will be kept, if it shares this data with any third parties, and more.

The right of access to your data

You have the right to find out if an organisation is using or storing your personal data. To exercise this right, all you have to do is ask for a copy of this data. This is called making a subject access request (SAR).

You can make a subject access request at any time. For example, you can make a SAR if you want to find out if information is being held about you and how it is being used. In addition, at Hayes Connor Solicitors, many of our clients make SARs to start the compensation claim process following a data breach.

Find out more about making a SAR.

The right to get your data corrected or deleted

You can challenge the accuracy of any personal data that an organisation holds about you and ask for it to be corrected, added to, or deleted. The ICO provides a handy template to help you to raise any concerns about your data.

The right to limit how organisations use your data

You can limit the way an organisation uses your personal data. To exercise your right you should make your request directly to the organisation in questions and be clear why you want the data to be restricted.

 In some circumstances you can also object to an organisation using your data at all. For example you have the right to stop an organisation using your data for email marketing.

The right to data portability

You have the right to get a copy of your personal data from an organisation. You might want this data to pass to another organisation and so it must be provided in a way that is transferrable if at all possible.

Find out more about your rights on the ICO website.

At Hayes Connor Solicitors we are committed to making sure that people across the UK understand their data protection rights, and know what they can do when these rights have been ignored, overlooked or abused.

If you have suffered damage or distress caused by an organisation breaching any part of the GDPR/Data Protection Act, you also have a right to claim compensation. At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years, so we know what it takes to make a successful data breach compensation claim.