Your Data, Your Rights

You have rights over your personal data. Here we explain what ‘personal data’ actually means and why it’s so important to get control of your digital footprint.

What’s personal data?

So it can mean a lot of things to a lot of people. But, legally, personal data is any information that could be used to identify you, either directly or indirectly.

This kind of thing:

  • Name and date of birth
  • Contact details
  • Postal address
  • IP address and cookie identifiers
  • ID numbers
  • Location info
  • Bank details

Getting super technical for a moment, it's any information that’s specific to a living person’s 'physical, physiological, genetic, mental, economic, cultural or social identity'. Phew.

Some data is considered sensitive and that’s information that can identify you or that potentially could be used to discriminate against you.

Sensitive things like:

  • Racial or ethnic origin
  • Political opinions, religious or philosophical beliefs
  • Trade-union membership
  • Genetic data, such as blood type, gender and any other genetic characteristics
  • Biometric data, such as fingerprints and facial images
  • Health data
  • A person’s sex life or sexual orientation

Although there are more rules and protections for sensitive personal data, there isn't much to stop advertisers figuring some of it out indirectly.

For example, through cookies that track what you look at online, an advertiser may see that you search for 'heart rate monitors' and 'how to cope with chest pain’, and deduce that you are likely to have a heart issue.

Digital footprint

We leave a trail of data every time we go online, a digital footprint that advertisers, or more unscrupulous actors can follow. You can reduce the chances of your data being sold to advertisers or ending up on the ‘dark web’ by cleaning up your digital footprint. Read more about getting control of your data here.

What’s not personal data?

There’s no definitive list of what is and isn’t personal data, but in general, any information that can’t be traced back to a living person isn’t considered personal data. It all comes down to context.

For example, a person’s name doesn’t always count as personal data because there could be lots of people with the name ‘John Smith’. However, if a name is combined with other information, like an address, online activity or date of birth, then it's usually enough to clearly identify just one individual. In that context, a person’s name would count as personal data.

Some examples of items that aren't considered to be personal data:

  • A company registration number
  • An email address such as info@company.com
  • Anonymised data

How’s my data protected?

Under the General Data Protection Regulation, you have rights over your data and limits what organisations can do with it. You can read more about GDPR here.

How long can personal data be stored for?

There’s no legal limit for keeping personal data. Under GDPR law, data should simply not be stored for any longer than it’s needed.

Can I ask a company to delete my data?

Oh yes! You can ask any company to delete your personal data for free, and they have to reply within 30 days by law. Our Rightly Protect service is designed to help you clean up your digital footprint by getting your data erased from any organisation.

Rightly Protect helps figure out which companies have your data and then send a deletion request to any or all of them in a single click, and for free.

Want some tips?

We’ve put together a whole bunch of tips that can help you keep control of your data and stay safe online.

What do I do if my data has been compromised?

Data breaches are happening all the time. When that happens, if your data gets stolen it can expose you to risk because the hacked data can end up in the hands of scammers who may use it against you.

For more on what to do if you think your data may have been in a data breach, have a look here.