Data Protection FAQs – For the public

The Data Protection Act 1998 gives you the right to apply for a copy of your personal information. You will need to put your request in writing, by letter or email, and send it to the person or organisation you believe holds this information. Make sure to put your name and address and keep a copy. It is a good idea to make clear you are asking for the information under the Data Protection Act 1998.

Yes, under the Data Protection Act they can ask for a fee of up to £10.00 for each request made.

For more information on your rights, read Subject Access - A guide for data subjects

^ Back to top

You can make a request of your personal information in writing, by post, letter or fax.

^ Back to top

They should respond to your request as soon as they can but the maximum time they have is 40 calendar days.

^ Back to top

If your neighbour is a private individual e.g. the cameras are on their residential property, it is unlikely that they will be breaching the Data Protection Act because there is an exemption for domestic/household processing of personal data as long as this does not involve putting personal information on a website or otherwise disclosing it to the world at large without good reason. They may however be breaching other legislation, such as the law about harassment or voyeurism, and so may be referred to another body such as the police to investigate.

You can find out more information on our CCTV page.

^ Back to top

Under Section 42 an individual has the right to make a complaint to the Information Commissioners Office.

Make a complaint - Data protection

^ Back to top

The Data Protection Act prohibits the transfer of personal information from the UK to other countries unless those countries can ensure the same level of protection. Organisations can also set up contracts with overseas organisations receiving personal information. This ensures that a higher standard of protection is in place than there might have been in the receiving country.

Organisations in the UK which have personal information processed on their behalf overseas are responsible for the security of your information. The UK organisation is required to make sure the company overseas complies fully with the UK Data Protection Act.

^ Back to top

Under the Data Protection Act you can request a copy of your credit history file, which lists the loans, mortgages and credit cards you have and whether these have been paid on time. It will also show if the payment has gone into default or been satisfied. You can apply to one or all of the main credit reference agencies (Equifax, Experian or Call Credit). If any details on your file are incorrect you should go back to the person or organisation who has put this on your record and ask them to update their records.

^ Back to top

Under the fourth principle of the Data Protection Act, information must be accurate and up to date. If you feel that your information is not factually accurate (this is information that can be proven to be inaccurate and not an opinion of the person or organisation) you must contact the person or organisation that is holding this information and tell them you believe your information needs updating to be factually accurate under the Data Protection Act. If they fail to do this and your information still remains factually inaccurate you can contact the ICO.

^ Back to top

There are generally two things you can do if you are a private individual receiving unsolicited marketing information through the post (junk mail):

1. you can register your details with the Mail Preference Service. Although it is not a legal obligation for Data Controllers to check the MPS before sending junk mail most reputable organisations will do so; or
2. you can exercise your right under the Act to ‘Prevent processing of your personal data for Direct marketing Purposes’ (section 11).

^ Back to top