Title: Data protection: The UK's data protection legislation - GOV.UK
Open Graph Title: Data protection
Description: The Data Protection Act (DPA) controls how personal information can be used and your rights to ask for information about yourself
Open Graph Description: The Data Protection Act (DPA) controls how personal information can be used and your rights to ask for information about yourself
Opengraph URL: https://www.gov.uk/data-protection
Domain: www.gov.uk
{
"@context": "http://schema.org",
"@type": "Article",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https://www.gov.uk/data-protection"
},
"name": "Data protection",
"datePublished": "2011-11-15T10:53:08+00:00",
"dateModified": "2025-01-22T15:54:24+00:00",
"text": "The Data Protection Act (DPA) controls how personal information can be used and your rights to ask for information about yourself",
"publisher": {
"@type": "Organization",
"name": "GOV.UK",
"url": "https://www.gov.uk",
"logo": {
"@type": "ImageObject",
"url": "https://www.gov.uk/assets/frontend/govuk_publishing_components/govuk-logo-b8553f688131fad665e52a8c2df7633f9cd1c0fffb9f69703cc68c728e7b3b74.png"
}
},
"image": [
"https://www.gov.uk/assets/frontend/govuk_publishing_components/govuk-schema-placeholder-1x1-2672c0fb7a5d5f947d880522c509ebe7f2be090885883cc94418f6860e812e15.png",
"https://www.gov.uk/assets/frontend/govuk_publishing_components/govuk-schema-placeholder-4x3-194fde4197f00e669f6f52c182df2ed707bfb2024c9ef39f7a2ed20da62b90eb.png",
"https://www.gov.uk/assets/frontend/govuk_publishing_components/govuk-schema-placeholder-16x9-30e6c0e035636ee6b9dc72ae254bcd4a925182805afe7c5b7170cf2394894b28.png"
],
"author": {
"@type": "Organization",
"name": "Government Digital Service",
"url": "https://www.gov.uk/government/organisations/government-digital-service"
},
"about": [
{
"@context": "http://schema.org",
"@type": "Thing",
"sameAs": "https://www.gov.uk/crime-justice-and-law/rights"
}
],
"headLine": "Data protection",
"description": "The Data Protection Act (DPA) controls how personal information can be used and your rights to ask for information about yourself",
"articleBody": "\u003cp\u003eData protection legislation controls how your personal information is used by organisations, including businesses and government departments.\u003c/p\u003e\n\n\u003cp\u003eIn the UK, data protection is governed by the \u003ca rel=\"external\" href=\"https://www.legislation.gov.uk/eur/2016/679/contents\"\u003eUK General Data Protection Regulation (UK GDPR)\u003c/a\u003e and the \u003ca rel=\"external\" href=\"https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted\"\u003eData Protection Act 2018\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eEveryone responsible for using personal data has to follow strict rules called ‘data protection principles’ unless an exemption applies. There is a \u003ca rel=\"external\" href=\"https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/exemptions/a-guide-to-the-data-protection-exemptions/\"\u003eguide to the data protection exemptions on the Information Commissioner’s Office (\u003cabbr title=\"Information Commissioner's Office\"\u003eICO\u003c/abbr\u003e) website\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eAnyone responsible for using personal data must make sure the information is:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003eused fairly, lawfully and transparently\u003c/li\u003e\n \u003cli\u003eused for specified, explicit purposes\u003c/li\u003e\n \u003cli\u003eused in a way that is adequate, relevant and limited to only what is necessary\u003c/li\u003e\n \u003cli\u003eaccurate and, where necessary, kept up to date\u003c/li\u003e\n \u003cli\u003ekept for no longer than is necessary\u003c/li\u003e\n \u003cli\u003ehandled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThere is stronger legal protection for more sensitive information, such as:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003erace\u003c/li\u003e\n \u003cli\u003eethnic background\u003c/li\u003e\n \u003cli\u003epolitical opinions\u003c/li\u003e\n \u003cli\u003ereligious beliefs\u003c/li\u003e\n \u003cli\u003etrade union membership\u003c/li\u003e\n \u003cli\u003egenetics\u003c/li\u003e\n \u003cli\u003ebiometrics (where used for identification)\u003c/li\u003e\n \u003cli\u003ehealth\u003c/li\u003e\n \u003cli\u003esex life or orientation\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThere are separate safeguards for personal data relating to criminal convictions and offences.\u003c/p\u003e\n\n\u003ch2 id=\"your-rights\"\u003eYour rights\u003c/h2\u003e\n\n\u003cp\u003eUnder the legislation, you have rights in relation to your personal data, with some exceptions. These include the right to:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003ebe informed about how your data is being used\u003c/li\u003e\n \u003cli\u003eaccess personal data\u003c/li\u003e\n \u003cli\u003ehave incorrect data updated\u003c/li\u003e\n \u003cli\u003ehave data erased\u003c/li\u003e\n \u003cli\u003estop or restrict the processing of your data\u003c/li\u003e\n \u003cli\u003edata portability (allowing you to get and reuse your data for different services)\u003c/li\u003e\n \u003cli\u003eobject to how your data is processed in certain circumstances\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eYou also have rights when an organisation is using your personal data for:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003eautomated decision-making processes (without human involvement)\u003c/li\u003e\n \u003cli\u003eprofiling, for example to predict your behaviour or interests\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003ch2 id=\"if-youre-concerned-about-how-an-organisation-is-handling-your-personal-data\"\u003eIf you’re concerned about how an organisation is handling your personal data\u003c/h2\u003e\n\n\u003cp\u003eContact the \u003cabbr title=\"Information Commissioner's Office\"\u003eICO\u003c/abbr\u003e for advice or to make a complaint.\u003c/p\u003e\n\n\u003cdiv class=\"contact\"\u003e\n\u003cp\u003eICO\u003cbr\u003e\nTelephone: 0303 123 1113\u003cbr\u003e\nTextphone: 18001 0303 123 1113\u003cbr\u003e\nMonday to Friday, 9am to 5pm\u003cbr\u003e\n\u003ca href=\"/call-charges\"\u003eFind out about call charges\u003c/a\u003e\u003c/p\u003e\n\u003c/div\u003e\n\n\u003cdiv class=\"address\"\u003e\u003cdiv class=\"adr org fn\"\u003e\u003cp\u003e\nInformation Commissioner’s Office\u003cbr\u003eWycliffe House \u003cbr\u003eWater Lane\u003cbr\u003eWilmslow\u003cbr\u003eCheshire\u003cbr\u003eSK9 5AF\n\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cp\u003eYou can find more contact details on the \u003ca rel=\"external\" href=\"https://ico.org.uk/global/contact-us/contact-us-public/\"\u003e\u003cabbr title=\"Information Commissioner's Office\"\u003eICO\u003c/abbr\u003e website\u003c/a\u003e.\u003c/p\u003e\n\n"
}
{
"@context": "http://schema.org",
"@type": "BreadcrumbList",
"itemListElement": [
{
"@type": "ListItem",
"position": 1,
"item": {
"name": "Home",
"@id": "https://www.gov.uk/"
}
},
{
"@type": "ListItem",
"position": 2,
"item": {
"name": "Crime, justice and the law",
"@id": "https://www.gov.uk/browse/justice"
}
},
{
"@type": "ListItem",
"position": 3,
"item": {
"name": "Your rights and legal support",
"@id": "https://www.gov.uk/browse/justice/your-rights-legal-support"
}
}
]
}
{
"@context": "http://schema.org",
"@type": "FAQPage",
"headline": "Data protection",
"description": "The Data Protection Act (DPA) controls how personal information can be used and your rights to ask for information about yourself",
"publisher": {
"@type": "Organization",
"name": "GOV.UK",
"url": "https://www.gov.uk",
"logo": {
"@type": "ImageObject",
"url": "https://www.gov.uk/assets/frontend/govuk_publishing_components/govuk-logo-b8553f688131fad665e52a8c2df7633f9cd1c0fffb9f69703cc68c728e7b3b74.png"
}
},
"mainEntity": [
{
"@type": "Question",
"name": "The UK's data protection legislation",
"url": "https://www.gov.uk/data-protection",
"acceptedAnswer": {
"@type": "Answer",
"url": "https://www.gov.uk/data-protection",
"text": "Data protection legislation controls how your personal information is used by organisations, including businesses and government departments.
\n\nIn the UK, data protection is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
\n\nEveryone responsible for using personal data has to follow strict rules called ‘data protection principles’ unless an exemption applies. There is a guide to the data protection exemptions on the Information Commissioner’s Office (ICO) website.
\n\nAnyone responsible for using personal data must make sure the information is:
\n\n\n - used fairly, lawfully and transparently
\n - used for specified, explicit purposes
\n - used in a way that is adequate, relevant and limited to only what is necessary
\n - accurate and, where necessary, kept up to date
\n - kept for no longer than is necessary
\n - handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
\n
\n\nThere is stronger legal protection for more sensitive information, such as:
\n\n\n - race
\n - ethnic background
\n - political opinions
\n - religious beliefs
\n - trade union membership
\n - genetics
\n - biometrics (where used for identification)
\n - health
\n - sex life or orientation
\n
\n\nThere are separate safeguards for personal data relating to criminal convictions and offences.
\n\nYour rights
\n\nUnder the legislation, you have rights in relation to your personal data, with some exceptions. These include the right to:
\n\n\n - be informed about how your data is being used
\n - access personal data
\n - have incorrect data updated
\n - have data erased
\n - stop or restrict the processing of your data
\n - data portability (allowing you to get and reuse your data for different services)
\n - object to how your data is processed in certain circumstances
\n
\n\nYou also have rights when an organisation is using your personal data for:
\n\n\n - automated decision-making processes (without human involvement)
\n - profiling, for example to predict your behaviour or interests
\n
\n\nIf you’re concerned about how an organisation is handling your personal data
\n\nContact the ICO for advice or to make a complaint.
\n\n\nICO
\nTelephone: 0303 123 1113
\nTextphone: 18001 0303 123 1113
\nMonday to Friday, 9am to 5pm
\nFind out about call charges
\n\n\n\nInformation Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF\n
\n\nYou can find more contact details on the ICO website.
\n\n"
}
},
{
"@type": "Question",
"name": "Find out what data an organisation has about you",
"url": "https://www.gov.uk/data-protection/find-out-what-data-an-organisation-has-about-you",
"acceptedAnswer": {
"@type": "Answer",
"url": "https://www.gov.uk/data-protection/find-out-what-data-an-organisation-has-about-you",
"text": "Write to an organisation to ask for a copy of the information they hold about you.
\n\nIf it’s a public organisation, write to their Data Protection Officer (DPO). Their details should be on the organisation’s privacy notice.
\n\nIf the organisation has no DPO, or you do not know who to write to, address your letter to the company secretary.
\n\nHow long it should take
\n\nThe organisation must give you a copy of the data they hold about you as soon as possible, and within 1 month at most.
\n\nIn certain circumstances, for example particularly complex or multiple requests, the organisation can take a further 2 months to provide data. In this case, they must tell you:
\n\n\n - within 1 month of your request
\n - why there’s a delay
\n
\n\nWhen information can be withheld
\n\nThere are some situations when organisations are allowed to withhold information, for example if the information is about:
\n\n\n - the prevention, detection or investigation of a crime
\n - national security or the armed forces
\n - the assessment or collection of tax
\n - judicial or ministerial appointments
\n
\n\nAn organisation does not have to say why they’re withholding information.
\n\nHow much it costs
\n\nRequests for information are usually free. However, organisations can charge an administrative cost in some circumstances, for example if:
\n\n\n - you’re asking for a large amount of information
\n - your request will take a lot of time and effort to process
\n
\n\n"
}
},
{
"@type": "Question",
"name": "Make a complaint",
"url": "https://www.gov.uk/data-protection/make-a-complaint",
"acceptedAnswer": {
"@type": "Answer",
"url": "https://www.gov.uk/data-protection/make-a-complaint",
"text": "If you think your data has been misused or that the organisation holding it has not kept it secure, you should contact them and tell them.
\n\nIf you’re unhappy with their response, you can make a complaint to the Information Commissioner’s Office (ICO) or get advice from the ICO.
\n\n\nICO
\nTelephone: 0303 123 1113
\nTextphone: 18001 0303 123 1113
\nMonday to Friday, 9am to 5pm
\nFind out about call charges
\n\n\n\nInformation Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire
SK9 5AF\n
\n\nYou can also chat online with an advisor.
\n\nThe ICO can investigate your claim and take action against anyone who’s misused personal data.
\n\nYou can also visit their website for information on how to make a data protection complaint.
\n\n"
}
}
]
}
| govuk:components_gem_version | 66.6.1 |
| csrf-param | authenticity_token |
| csrf-token | NcP5j-KOoKUjE3vGeIFEMgzZXKb3Px7cQ6UdAy8l8ncJamy5BhIwrBb-Z0Vlct9iffgkBA26KCR8nt1ie7Se4w |
| theme-color | #1d70b8 |
| og:image | https://www.gov.uk/assets/frontend/govuk-opengraph-image-4196a4d6333cf92aaf720047f56cfd91b3532d7635fc21ebcf0d5897df6b5f77.png |
| og:site_name | GOV.UK |
| og:type | article |
| twitter:card | summary |
| csp-nonce | K7gBQnqb5hobw0v0icqKiw== |
| govuk:format | guide |
| govuk:publishing-app | publisher |
| govuk:rendering-app | frontend |
| govuk:schema-name | guide |
| govuk:content-id | bcd1b210-3927-44d0-97fb-334ad1cea693 |
| govuk:ga4-base-path | /data-protection |
| govuk:first-published-at | 2011-11-15T10:53:08+00:00 |
| govuk:updated-at | 2026-06-25T14:34:35+01:00 |
| govuk:public-updated-at | 2025-01-22T15:54:24+00:00 |
| govuk:primary-publishing-organisation | Government Digital Service |
| govuk:ga4-browse-topic | employing people |
| govuk:organisations | |
| govuk:taxonomy_level1 | crime-justice-and-law |
| govuk:taxon-id | ed952e5a-2ea7-44c0-aed9-c97ffe58993b |
| govuk:taxon-ids | ed952e5a-2ea7-44c0-aed9-c97ffe58993b |
| govuk:taxon-slug | rights |
| govuk:taxon-slugs | rights |
Links:
Viewport: width=device-width, initial-scale=1