⚖ Important — Please Read Before Continuing

Scroll to the bottom to accept the disclaimer and access the tool

Scroll down to read the full disclaimer before accepting

1. This is guidance — and only ever guidance

Everything produced by ukworkrights.co.uk is general guidance. It is not legal advice. It is not a substitute for advice from a qualified solicitor. Never treat it as the final word — use it as a starting point, then check and take responsibility for any action you take.

2. AI can make mistakes

The guidance is generated by artificial intelligence. AI can and does make mistakes — wrong dates, wrong figures, wrong legal references, missed nuances. Read everything carefully. If the matter is serious, get it checked by ACAS, Citizens Advice, or a qualified solicitor before acting on it.

3. Verified figures and guidance sources

Statutory figures (such as rates for minimum wage, SSP, redundancy, pension contributions, council tax bands, flight compensation amounts, and benefit rates) are verified against GOV.UK, ACAS, Citizens Advice, and relevant regulatory bodies. Laws and rates change regularly. Always verify important figures at gov.uk before making decisions or taking action.

4. Your description stays private

The situation you describe is used to generate your guidance and is then discarded. It is never stored or shared. Any informal language, slang, or strong emotion in your description will not appear in the output.

5. Your responsibility

By using this service you accept that you will treat all output as general guidance only, verify important information with official sources, and seek professional legal advice for serious or complex matters. ukworkrights.co.uk accepts no liability for any loss or damage arising from your use of or reliance on this service.

6. Useful Official Resources

  • ACAS — Free employment advice: 0300 123 1100 — acas.org.uk
  • Citizens Advice — Free legal guidance: 0800 144 8848 — citizensadvice.org.uk
  • GOV.UK — Official UK government guidance: gov.uk
  • ICO — Data protection queries: 0303 123 1113 — ico.org.uk
  • Financial Ombudsman — Financial disputes: 0800 023 4567 — financial-ombudsman.org.uk
  • Energy Ombudsman — Energy disputes: ombudsman-services.org/energy
  • NHS — Healthcare guidance: nhs.uk
  • Veterans UK: 0808 1914 218
  • Benefits helpline: 0800 169 0310

For personal injury claims, immigration advice, criminal matters, or complex legal situations — always consult a regulated solicitor. Find one at solicitors.lawsociety.org.uk or gov.uk/find-a-solicitor.

7. Scope of this service

This service covers a wide range of UK rights topics including employment, housing, benefits, consumer rights, driving, NHS complaints, data protection, tax, school rights, wills and probate, energy, travel, and more. For all topics, the guidance is general in nature. For regulated activities — including personal injury claims, immigration applications, criminal defence, and financial advice — you must use a regulated professional.

📚 Guides All topics Help & FAQ How it works 📅 Key Dates Know your deadlines 📰 News Latest law changes 📞 Helplines Free support numbers 🚗 Driving School Free AI companion 📋 Toolbox Talks H&S topics
🚀 We've just launched! This site is in beta — fully live but still being fine-tuned. Spotted something? Let us know.

Report an Issue

Tell us what went wrong and we'll look into it. We'll be in touch as soon as we can.

Your name and email will only be used to respond to your report. See our Privacy Policy.

Share Your Feedback

Good or bad — we'd love to hear what you think. No strings attached.

Your feedback helps us make the site better for everyone. See our Privacy Policy.

🔒 Data Protection Guide

Data Protection & Your Rights Under UK GDPR in 2026

Your employer, a company or a public body holds data about you. This guide explains your rights under UK GDPR — including Subject Access Requests, the right to erasure, and how to complain to the ICO.

✅ Last verified: July 2026📚 Sources: GOV.UK, ACAS, Citizens Advice🇬🇧 Applies across the UK

⚖ Know Your Rights at a Glance

Your rights under UK GDPR

UK GDPR (the UK's post-Brexit version of GDPR, retained in UK law) gives you the following rights over your personal data:

Subject Access Requests — how to make one

A Subject Access Request (SAR) lets you request all personal data an organisation holds about you. Steps:

  1. Write to the organisation's Data Protection Officer (DPO) or main contact — email is fine
  2. State clearly that you are making a Subject Access Request under UK GDPR Article 15
  3. Provide enough information to identify yourself (name, account number, address)
  4. You don't have to give a reason

The organisation must respond within 1 month (extendable by 2 months for complex requests with notice). The response must be free. If they refuse, they must explain why.

Your employer and your data

Your employer can lawfully hold personal data about you for employment-related purposes — payroll, performance, health and safety, disciplinary records. They must:

You can send your employer a SAR for your employment records — meeting notes, performance reviews, emails about you, disciplinary records. This is often useful before bringing an employment tribunal claim.

Complaining to the ICO

If an organisation breaches your data rights, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113. You should usually complain to the organisation first and allow them 3 months to respond before escalating to the ICO.

The ICO can investigate, issue enforcement notices and fines. For serious breaches (data security incidents, unlawful processing), the ICO can fine organisations up to £17.5 million or 4% of global annual turnover, whichever is higher.

1
Send a SAR to your employer before a tribunal claim

Email their HR/DPO asking for all personal data held about you. This often surfaces useful evidence — meeting notes, emails, disciplinary records.

2
Request erasure of data you no longer want held

Write to the organisation stating you are exercising your right to erasure under UK GDPR Article 17. Explain why (e.g. no longer necessary, consent withdrawn).

3
Object to direct marketing immediately

Write to the organisation stating you are objecting to direct marketing processing under UK GDPR Article 21. This is absolute — they must stop.

4
Complain to the ICO if your request is ignored

If an organisation ignores your SAR or refuses without justification, report to the ICO at ico.org.uk. The ICO can compel compliance.

5
Report data breaches

If an organisation loses or leaks your personal data, they must notify the ICO within 72 hours and notify you if the breach is likely to cause harm. If they don't, report to the ICO.

🔒 Check Your Data Protection Rights

Describe your data rights situation and get guidance on what you can do.

Use the Free Checker →

Frequently asked questions

Can I ask my employer for my emails and meeting notes?
Yes — a SAR covers all personal data held about you, including emails where you are discussed, meeting notes, and appraisal records. You have 1 month to receive them free of charge.
Can an organisation refuse my SAR?
Only in limited circumstances — if the request is manifestly unfounded or excessive, or if providing the data would reveal information about a third party that should not be shared. They must explain any refusal.
What is a Data Protection Officer and how do I contact one?
Larger organisations must appoint a DPO. Their contact details should be in the organisation's privacy policy. Small organisations may not have one — address your SAR to the organisation directly.
Can my employer monitor my work emails?
Yes, with some limits. Employers can monitor work communications for legitimate business purposes, but must tell you they do this in advance (usually in a staff handbook or IT policy). Covert monitoring has a much higher threshold.
What is the PECR?
The Privacy and Electronic Communications Regulations control how organisations can contact you by email, text and phone for marketing. Spam emails, nuisance calls and unsolicited texts may breach PECR — report to the ICO.
I received a data breach notification — what should I do?
Don't panic. Change passwords for affected accounts, monitor bank statements, and consider a credit check. If you suffer financial loss due to the breach, you may have a compensation claim against the organisation.
Can I claim compensation for a data breach?
Yes — UK GDPR Article 82 gives individuals the right to claim compensation for material or non-material damage caused by a data breach. This includes distress. Claims can be brought in the civil courts.

📞 Free help and support

ICO: 0303 123 1113 | ico.org.uk

Citizens Advice: 0800 144 8848

National Cyber Security Centre: ncsc.gov.uk

⚠ Important disclaimer: This guide covers data protection rights across the UK as at July 2026. General legal information only — not legal advice. Verify with ACAS, GOV.UK or Citizens Advice before acting. ukworkrights.co.uk — Not a law firm.

⚖ Free Account — UK Work Rights

Register free to download reports and use the Letters generator

Scroll down to complete your registration

Sign in or register with Google — free, instant, no password needed.

🤖 Drag to verify you are human
>>

No password · No spam · Free forever