What GDPR Data Subject Rights do I have in the UK?
Published on: 22nd December 2018
By PYXI GDPR Team
You have 10 Rights as a Data Subject as a UK resident under GDPR, as defined on the Information Commissioner's website.
You have a right ...
- to be informed if your personal data is being used
- to get copies of your data
- to get your data corrected
- to get your data deleted (aka. the "Right To Be Forgotten")
- to limit how organisations use your data
- to data portability (so you can move it from one organisation to another)
- to object to the use of your data
- to know about and object to decisions being made about you from your data without human involvement
- to access information from a public body
- to raise a concern about how an organisation is using your data
A full definition of what these rights cover can be found at the ICO website.
Requesting action based on your rights
Any request you raise for a response from an organisation about your personal data is known as a "Subject Access Request", or SAR. You can invoke this request this verbally, or in writing and the ICO says;
"[the organisation] must act on the subject access request without undue delay and at the latest within one month of receipt."
from the ICO website
You will probably be asked for some form of proof of identity which is intended to stop any mischief and improper invocation of SARs.
Once your identity is confirmed, the organisation will address your request.
If they do not respond adequately to your request you can escalate the issue by informing the ICO of your complaint and concerns.
Help for organisations to process SARs
If you are an organisation in receipt of a SAR you will have to ensure you deliver the response in this timeframe. We have a software solution that can help you manage Subject Access Requests when they arise.
PYXI GDPR Team: 22nd Dec 2018 15:02:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
ICO Q2 Data Security Incident Trends
The ICO's figures for Q2 show that the most frequently reported data security incident relates to disclosure of data. The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single mo... click to read more