So, what is GDPR?
GDPR stands for General Data Protection Regulation. It's a set of EU regulations that give people more rights over their personal data and limit what organisations can do with it. GDPR aims to make it simpler for people to control how companies use their details.
When it was introduced in 2018, it was a huge step forward for consumer rights. Thanks to GDPR, you now have more rights over your data than ever before.
Why was GDPR needed?
Before GDPR, there wasn’t enough regulation around how personal data was being used by companies. As cases like the Cambridge Analytica scandal showed, many companies were exploiting this opportunity at the expense of individuals.
New laws were needed to protect people's rights, and to keep up with the revolutionary ways in which data was and still is mined.
Many people would argue that GDPR still doesn't go far enough. This is because it's all too common for companies to collect, store and share personal data without full consent.
Is it the same in every country?
GDPR was written in a general way to allow countries to make their own small changes to suit their needs. In the UK, our version is called The Data Protection Act (2018). All of the points that we cover on this page apply to both.
On 10 May 2022, the UK government announced a new ‘Data Reform Bill’ to develop an alternative to GDPR. We don’t know much about what they’re going to do, but they have indicated a desire for more flexibility to “reduce the burden on business”. We’ll be keeping an eye on what any of this might mean for your rights to control your personal data.
What are my consumer rights under GDPR?
GDPR gives you as an individual much greater control over your own data and secures these eight rights:
- The right to be informed: Organisations must be transparent about what they're doing with your personal data.
- The right of access: You have the right to know exactly what information is being held about you.
- The right of rectification: You're entitled to have personal data corrected if it's wrong or incomplete.
- The right to erasure: You have the right to demand your personal data should be removed or deleted.
- The right to restrict processing: You have the right to block a company from processing your personal data.
- The right to data portability: You have the right to retain and reuse your personal data for your own purposes.
- The right to object: In some cases, you have the right to object to your personal data being used at all.
- Rights of automated decision making: The law puts safeguards in place to protect you from potentially damaging decisions being made about your personal data without human intervention.
How can I use my eight GDPR rights in practice?
- You can find out what any company holds on you by simply sending a Subject Access Request (SAR).
- You can correct your own personal data if it's wrong or out of date.
- You can tell a company to erase your personal data. This is also known as the 'right to be forgotten'.
- You can limit how a company handles your data, for example telling them to delete some of it rather than all of it.
- Because it belongs to you, you can share or transfer your personal data from one service to another.
- You can tell companies not to use your data in certain ways, like for marketing purposes.
- A company needs your explicit consent, a contract, or a legal justification for making a decision about your data without human involvement. If you suspect that they've acted without your consent, you can contact or report them.
What is GDPR compliance?
GDPR compliance means complying with the General Data Protection Regulation. Companies that are non-compliant, meaning they don't adhere to GDPR, can face large fines.