GDPR (General Data Protection Regulation)

The General Data Protection Regulation (GDPR) is EU legislation which updates privacy law across Europe. It aims to keep people’s personal information safer and to give people more say on how their information is used.

What is personal information?

By personal information, we mean any data that could identify you as a living individual.  This could include anything from your email address to a photograph, location data on your phone to a medical record.

GDPR came into effect on 25 May 2018 and so you will start to see some changes in how we handle your calls and queries so that we comply with the new rules and make sure you understand what we are doing with your personal information.

We’ve always taken our responsibilities about how we use and secure your personal information seriously. These new regulations build on what we already do and introduce some new processes that make it easier for you to learn about what we do with your information. It will mean that you have more rights about how your information is used.

You can also find a wealth of GDPR information on the Information Commissioner’s Office website.

What are your rights?

The General Data Protection Regulation provides a number of rights for individuals. These are:

You have a right to be informed about the collection of your personal data and how it will be used.

This will include why your personal data is being used, how long it will be kept for and who it will be shared with.

This is called privacy information and must be supplied to you.​

You have the right to access any personal data an organisation holds on you.

Once requested this data needs to be provided to you within a month.​

​You have a right to have any inaccurate personal data corrected if it is inaccurate.

You can make this request both verbally or in writing and any such request must be responded to within one month. 

In certain circumstances you can be refused such a request.

To make a request please use the Personal data enquiry form.

You can find out more about your rights on the ICO website.

​Under this right you can make a request to have the personal data an organisation holds on you erased.

You can make this request either verbally or in writing and any organisation must respond within a month.

This right is not absolute and only applies in certain circumstances.

To make a request please use the Personal data enquiry form. 

You can find out more about your rights on the ICO website.

​You have a right to request the restriction or suppression of personal data.

You can make this request verbally or in writing and you must be responded to within a month.

This means that while organisations can continue to hold your data they cannot use it.

This right is not absolute and only applies in certain circumstances.

To make a request please use the Personal data enquiry form.

Find out more about your rights on the ICO website.

This right allows you to get your own data from an organisation and then use this for your own purposes.

This means you can move, copy or transfer personal data easily from one IT system to another.

This could help you access services which can then use this data to help find you a better deal or price for something.

You can make this request verbally or in writing and you must be responded to within a month.​

To make a request please use the Personal data enquiry form.

You have the right to object to the processing of data based on your interests, for use in direct marketing and for the purposes of scientific and historical research and statistics.

Organisations have one month to respond to any objection you raise.​

To make an request please use the Personal data enquiry form.

You can find out more about your rights on the ICO website.

​The new regulations give you rights around your data when dealing with automated decision making.

This might mean when you are inputting details online and where decisions are made based on those details without human involvement. 

This also includes the profiling of your data – for example, where websites suggest things you might be interested in based on items you’ve previously viewed.