About
The UK's data protection laws regulate how organizations, including businesses, government agencies, and public bodies, collect, store, and process personal data. The legal framework is based on:
● UK General Data Protection Regulation (UK GDPR) – A post-Brexit adaptation of the EU GDPR that sets out strict rules on handling personal data.
● Data Protection Act 2018 – Supplements UK GDPR, providing additional guidelines regarding law enforcement and intelligence data processing.

Key Principles of Data Protection
Organizations must comply with the following principles:
● Lawfulness, fairness, and transparency – Data must be processed legally and with clear communication to the individual.
● Purpose limitation – Data should be collected for specific, legitimate purposes and not used beyond that scope.
● Data minimization – Only necessary data should be collected and retained.
● Accuracy – Information must be kept up to date and corrected when necessary.
● Storage limitation – Data should not be retained longer than required.
● Security – Organizations must implement technical and organizational measures to protect data from breaches.

Special Categories of Data
Certain types of personal data are subject to stricter legal protections:
● Sensitive personal data – Includes details about race, ethnic origin, health, biometrics, political views, sexual orientation, and religious beliefs.
● Criminal offense data – Special legal safeguards apply to information related to criminal records and law enforcement investigations.

Your Rights Under Data Protection Laws
Fundamental Data Rights
● Right to be informed – Organizations must disclose how and why they process your data.
● Right of access – Individuals can request a copy of the personal data an organization holds about them.
● Right to rectification – Incorrect or outdated data can be corrected upon request.
● Right to erasure ("Right to be Forgotten") – Individuals can request their data be deleted under specific conditions.
● Right to restrict processing – In certain circumstances, individuals can limit how their data is used.
● Right to data portability – Individuals can request to transfer their data from one service provider to another in a structured format.
● Right to object – Individuals can challenge how their data is used, especially in direct marketing or automated decision-making cases.

Automated Decision-Making & Profiling
● Individuals have rights regarding decisions made solely by automated processes without human intervention.
● Organizations must provide transparency and justification for automated profiling, such as credit scoring or targeted advertising.

Complaints and Enforcement
● If you believe your data protection rights have been violated, you can file a complaint with the Information Commissioner's Office (ICO).

Find Out What Data an Organization Has About You
You have the right to access personal data held by any organization by making a Subject Access Request (SAR). Steps include:
● Identify the data controller – Contact the company's Data Protection Officer (DPO). If no DPO exists, direct the request to the company secretary.
● Timeframe for response:
    ● Standard timeframe: 1 month.
    ● Complex cases: Up to 3 months, with an explanation provided within the first month.
● Exceptions: Data may be withheld if disclosure affects national security, law enforcement, taxation, or judicial appointments.
● Cost: Usually free, but organizations can charge a reasonable administrative fee for excessive or unfounded requests.

Make a Complaint
If you believe your data has been misused or there has been a security breach, follow these steps:
● Contact the organization first – Request an internal review of how your data has been handled.
● Escalate to the ICO – If the response is unsatisfactory, file a complaint with the ICO.
● ICO actions – The ICO can investigate, issue penalties, and enforce corrective actions.

Contacting the ICO
● Telephone: 0303 123 1113
● Textphone: 18001 0303 123 1113
● Online chat: Available via the ICO website
● Mail: Information Commissioner's Office, Wycliffe House, Wilmslow, Cheshire, SK9 5AF

The UK's Data Protection Legislation - Content Summary.pdf
