Almost every business in the UK needs to abide by legislation that formalises protection of personal data. The government agency that is responsible for this is the Information Commissioner’s Office (ICO).
We all have the following rights regarding use of our personal details by third parties:
- To request that our personal data is deleted.
- To object to an organisation getting our data.
- To be informed if our personal data is being used by third parties.
- Limit how organisations use our personal data.
- We have rights to receive personal data in a way that is accessible.
- Limit decisions made about you when your personal data is processed automatically.
Making a subject access request (SAR)
The ICO website states that:
“You have the right to ask an organisation whether or not they are using or storing your personal information. You can also ask them for copies of your personal information, verbally or in writing.
This is called the right of access and is commonly known as making a subject access request or SAR.”
You can make a SAR to find out:
- what personal information an organisation holds about you;
- how they are using it;
- who they are sharing it with; and
- where they got your data from.
In effect, the ICO protects our rights to privacy, or when our personal details are held by third parties, that it is used responsibly and with our permission. Our personal data belongs to us. It can be used by third parties but only in accordance with the rules set out in data protection legislation (the GDPR).
If you have any issues with misuse of your personal details a good starting point to resolve matters is the ICO website at https://ico.org.uk/.