ICO guidelines. Know your GDPR data rights


The EU’s General Data Protection Regulation (GDPR) is the foundation of the UK’s data protection regime. The Data Protection Act 2018 is the UK’s interpretation of the GDPR, and our country adheres to the principles of the Regulation, despite Brexit.

Under the GDPR, any organisation that handles personal information such as names, email addresses, phone numbers, and payment details must put robust measures in place to keep this data safe. And the more you know about the GDPR, the easier it is to hold organisations to account when they fail to do this.

On the Information Commissioner’s Office (ICO) website you can find a wealth of information and advice on the GDPR. For example, did you know that you have the following rights?

The right to be informed if your personal data is being used

This includes things like why an organisation is using your data, how it is using it, what types of data it is using, how long the data will be kept, whether it shares this data with any third parties, and more.

The right of access to your data

You have a legal right to find out if an organisation is using or storing your personal data. To exercise this right you should ask for a copy of this data. This is called making a data subject access request (DSAR/SAR).

You can make a subject access request at any time. Many of our clients make DSARs to start the compensation claim process following a data breach.

The right to get your data corrected or deleted

You can challenge the accuracy of any personal data that an organisation holds about you and ask for it to be corrected, added to, or deleted. The ICO provides a handy template to help you to raise any concerns about your data.

The right to limit how organisations use your data

You can restrict the way an organisation uses your personal data. To exercise your right you should make your request directly to the organisation in question and be clear about why you want the data to be restricted.

In some circumstances, you can also object to an organisation using your data at all. For example, you have the right to stop an organisation from using your data for email marketing.

The right to data portability

You have the right to get a copy of your personal data from an organisation. You might want to pass this data to another organisation, and so it must be provided in a way that is transferable if at all possible.

At Keller Postman UK, our data breach team is committed to making sure that people across England & Wales understand their data protection rights. And we make sure that our clients know what they can do when these rights have been ignored, overlooked, or abused.

If you have suffered damage or distress caused by an organisation breaching any part of the GDPR/Data Protection Act, you also have a right to claim compensation.

Why use Keller Postman UK to make a data breach, GDPR violation, or cybercrime claim?


Contact our expert data breach lawyers to discuss a data breach claim.

In March 2024, our firm changed its name to KP Law. 
