My Power: Know Your Rights

Digital Privacy: Take Back Your Data

Every click, search, and scroll is tracked, stored, and sold. Here's how to fight back — and what the law says they owe you.

UK GDPR: Your Data, Your Rules

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 give you powerful rights over your personal data. Every organisation that processes your data must have a lawful basis — and "because we felt like it" isn't one of them.

You have the right to know what data is held about you, to have it corrected, to have it deleted, to object to its processing, and to receive it in a portable format. These aren't suggestions — they're legally enforceable rights.

The Information Commissioner's Office (ICO) can fine organisations up to £17.5 million or 4% of global turnover for serious breaches. Your complaints are their ammunition.

Your UK GDPR Rights

  • Right of Access — find out what data any organisation holds on you (Subject Access Request).
  • Right to Rectification — get inaccurate data corrected.
  • Right to Erasure — have your data deleted ("right to be forgotten").
  • Right to Object — stop processing for marketing or profiling.
  • Right to Portability — get your data in a machine-readable format.
  • Right to Restrict Processing — limit what they do with your data while a dispute is ongoing.

Protect Yourself Online

Passwords & Authentication

80% of breaches involve weak or reused passwords. Use a password manager to generate unique 20+ character passwords for every site. Enable two-factor authentication everywhere — preferably with an authenticator app, not SMS.

Tracking & Surveillance

The average website loads 15+ trackers. Your browsing history, location, contacts, and even typing patterns are harvested. Use Firefox with uBlock Origin, switch to DuckDuckGo, and refuse unnecessary cookies — not just click "Accept All."

Phone Privacy

Your phone is the most powerful surveillance device ever built — and you carry it willingly. Review app permissions monthly. Disable location services for apps that don't need them. Turn off ad personalisation in your phone settings.

Subject Access Requests: How to See Your File

A Subject Access Request (SAR) forces any organisation to hand over all personal data they hold about you within 30 calendar days. It's free. You can submit one by email — no special form needed. Just write:

"Under Article 15 of the UK GDPR, I am making a Subject Access Request. Please provide all personal data you hold relating to me, including data processed by third parties on your behalf. My name is [X], my email/account is [Y]. Please respond within 30 days."

Data Breaches: Know When You've Been Leaked

Under UK GDPR, organisations must report serious breaches to the ICO within 72 hours and notify affected individuals "without undue delay." If you discover your data has been leaked (check at haveibeenpwned.com), change your passwords immediately and consider whether you have grounds for a compensation claim.

Essential Resources

Digital Privacy Action Checklist

Every step you take makes you harder to track, profile, and exploit.

Lock Down Your Digital Life
Practical steps to protect your privacy online and exercise your data rights.

Did this guide help you?

Britain Direct is independent and reader-supported. If you found this useful, please consider supporting our work or sharing it with others who need it.