You have the right to ask an organisation whether or not they are using or storing your personal information.

You can also ask them for copies of your personal information, verbally or in writing. This is called the right of access and is commonly known as making a subject access request or SAR.

What is ‘Personal Data’?

Personal Data means any information relating to an identifiable person who can be directly, or indirectly, identified.

Personal identifiers include a name, identification number, location data or online identifier. It applies to automated personal data as well as manual filing systems where personal data is accessible according to specific criteria; this could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.