Data Protection

The Data Protection Act 2018 controls how your personal information is used by organizations, businesses, or the government.


The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).


Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:


used fairly, lawfully, and transparently

used for specified, explicit purposes

used in a way that is adequate, relevant, and limited to only what is necessary

accurate and, where necessary, kept up to date

kept for no longer than is necessary

handled in a way that ensures appropriate security, including protection against unlawful or unauthorized processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:



ethnic background

political opinions

religious beliefs

trade union membership


biometrics (where used for identification)


sex life or orientation

There are separate safeguards for personal data relating to criminal convictions and offenses.


Your rights

Under the Data Protection Act 2018, you have the right to find out what information the government and other organizations store about you. These include the right to:


be informed about how your data is being used

access personal data

have incorrect data updated

have data erased

stop or restrict the processing of your data

data portability (allowing you to get and reuse your data for different services)

object to how your data is processed in certain circumstances

You also have rights when an organization is using your personal data for:


automated decision-making processes (without human involvement)

profiling, for example, to predict your behavior or interests


For more information and the full policy please visit: