The UK data protection regime is set out in the Data Protection Act 2018 (DPA 2018), alongside the UK General Data Protection Regulation (GDPR).

Data protection is about making sure you can trust others to use your data fairly and responsibly.

You have the right:

  1. to be informed about how and why your data is used
  2. to access personal data held about you, known as the 'right of subject access'
  3. to have your data corrected if it's inaccurate or incomplete
  4. to have your data deleted, known as the 'right to be forgotten'
  5. to have your data restricted
  6. to ask us to stop processing your personal information, known as the ‘right to object’
  7. to ask us to put the personal information you have given us into a portable electronic machine readable format so it is capable of being transmitted to someone else
  8. to not be subject to decisions based solely on automated processing

These rights are not absolute and are dependent on conditions and exemptions. In some cases, the rights described above only apply if the processing activity is undertaken on specific legal grounds and/or in defined circumstances. Therefore, all these rights are unlikely to be engaged in all cases.

You can find more detailed information about your rights from the Information Commissioner’s Office (the ICO). The ICO is the UK’s independent regulator responsible for upholding and enforcing your rights under data protection law.