x

Understand your privacy rights

Citizens in the United Kingdom and countries within the European Union have legal rights in respect of how personal data about them is collected, stored, used or otherwise acted on by businesses and organisations.

Net Lawman has condensed the law into a short, easy to read guide about how the law protects your personal data. It aims to help you understand your rights and the legal obligations that business and organisations that process and control your data have to you.

Use of this guide to discharge obligations to notify you of your rights

One of the legal obligations of businesses and organisations that handle your personal data is to tell you about your legal rights.

This microsite provides a guide to your legal rights regarding the processing of your personal data. If you’ve been referred to it from another website, then the owner of the website that you were previously visiting is meeting their obligation to inform you of your rights under the accountability principle.

Start

The Data Protection Act and the General Data Protection Regulation

The General Data Protection Regulation (known more commonly as the GDPR) came into force in May 2018 across all European Union Member States. Regulations binding acts that apply to all Member States without requiring a separate act of parliament to be passed in each.

Although it is a Regulation, the GDPR was written with the intention that it would be supplemented by additional law enacted by each Member State. The Data Protection Act is an act of parliament that further strengthens protection for individuals and gives data processors and controllers more extensive obligations. The same name has been used for entirely separate legislation in the UK and in the Republic of Ireland.

Since 1 January 2021, post Brexit, the GDPR no longer applies in the UK. However, the Data Protection Act 2018 (the 'UK DPA') does. Since the UK DPA is UK law and not EU law, it continues to apply even though the UK is no longer a member of the European Union.

Scope of the law

The following pages of this microsite explain when data protection law applies.

What many people don’t realise is that the law applies to personal data processed offline, and not to just that collected and used through websites and apps. While we associate privacy notices with websites (‘website privacy policies’), the requirements to disclose your privacy policy and other information about data subjects’ rights apply even if you do not operate a website.

If you supply a privacy notice offline (for example, as a schedule to a contract) then you can still refer your data subjects to this microsite in order to discharge your obligations to inform them of their rights.