Data Protection: What are my data rights?

Due to the rise of cyber-attacks and data breaches, we must now be very careful about which information we put online or is held on us by organizations. Often, we cannot access services if we do not entrust our data, and so we are required to hand our details over. However, once we do, organizations have a duty to keep this information safe and private. This is due to data protection laws which exist in most countries (such as the new European Union (EU) regulations GDPR). What’s more, once we have provided our personal information, we have the right to access, change and in some cases delete what they have stored.

We all have rights to understand which details a company holds about us. However, it is important to note that these only apply when your details are:

  • Stored on a computer
  • Held on paper or similar form
  • Comprised of photos/videos recordings of yourself

If you would like to see how your data is being stored or who has access to it, we recommend getting in touch with the organisation in question. Under data protection, they are required to provide you with a copy of your personal information, hold it for no longer than is needed or previously stated as well as update any factual inaccuracies.

By writing to the organisation in question, you have the right to prevent the use of or remove your personal details for marketing purposes. This request must be actioned with 40 days, by the end of which you will be notified by the organization. Similarly, if you believe that the information they hold is not necessary, you can formally request that it is removed. However, be warned that some of your details are required to provide a service, and so deleting your information could result in the service being ceased.

If you find that an organisation is unwilling to hand over the information which they hold on you, you can get in touch with your country’s Information Commission Office. Simply write to the commissioner, in an email or a letter, explaining your case (including the details of the offending organization) and they will look into this on your behalf. If the commissioner agrees with your case, they can request that the organization follows the law and hands over your information. Please note, they cannot award you compensation.

As cyber-attacks are becoming more common, it has never been more important to understand the data which organizations hold on you. Whilst we often feel compelled to provide our personal information in order to access a service, we do have rights to access, alter and remove data if we feel necessary.

Do you have a question you’d like answered? Let us know in the comment section below.