Utilising your rights under GDPR

26th Aug 2020

Use the below templates as starting points to help you invoke your rights under the General Data Protection Regulation (GDPR). Remember, for first hand information from the regulator, visit the ICO Website directly.

Protect your friends by sharing this article with them:

Your Right To Object

“You have an absolute right to object to an organisation using your data for direct marketing – in other words, trying to sell things to you. This means it must stop using the data if you object.” – ICO Website

If you want to object to the way an organisation is using your personal data, send the below letter/email to invoke your ‘Right To Object’:


[Name and address of the organisation]

Dear [Sir or Madam / name of the person you have been in contact with]

Information rights concern
[Your details to help identify you]

I am concerned that you have not handled my personal information properly.

[Give details of your concern, explaining clearly and simply what has happened and, where appropriate, the effect it has had on you.]

I understand that before reporting my concern to the Information Commissioner’s Office (ICO) I should give you the chance to deal with it.

If, when I receive your response, I would still like to report my concern to the ICO, I will give them a copy of it to consider.

You can find guidance on your obligations under information rights legislation on the ICO’s website (www.ico.org.uk) as well as information on their regulatory powers and the action they can take.

Please send a full response within one calendar month. If you cannot respond within that timescale, please tell me when you will be able to respond.

If there is anything you would like to discuss, please contact me on the following number [telephone number].

Yours faithfully


It is the organisation’s legal obligation to respond, either by;

  1. Removing you from their direct marketing list
  2. Giving you a valid reason for not obliging… If you do not agree with their reason; you can report to the ICO here: https://ico.org.uk/make-a-complaint/

For more information and instruction on your rights, please visit the ICO website: https://ico.org.uk/your-data-matters/the-right-to-object-to-the-use-of-your-data/.


Your Right Of Access

Have you received a bit of direct marketing that you didn’t give your consent to receive? Or do you just want to know what personal data an organisation holds relating to you? Send the below example email to the relevant person at the organisation to invoke your Right Of Access:


[Name and address of the organisation]

Dear Sir or Madam

Subject access request

[Your full name and address and any other details to help identify you and the data you want.]

Please supply the data about me that I am entitled to under data protection law relating to: [give specific details of the data you want, for example:

    • Your organisations legal basis for marketing to me 
    • Where you acquired my personal data
    • my personnel file]

If you need any more data from me, or a fee, please let me know as soon as possible. It may be helpful for you to know that data protection law requires you to respond to a request for data within one calendar month.

If you do not normally deal with these requests, please pass this letter to your Data Protection Officer, or relevant staff member. If you need advice on dealing with this request, the Information Commissioner’s Office can assist you. The ICO’s website is ico.org.uk or it can be contacted on 0303 123 1113.

Yours faithfully



Note; it is a legal requirement for EU organisations to provide this information if requested. For more information and instruction on your rights, please visit the ICO website: https://ico.org.uk/your-data-matters/your-right-of-access/.

Have your say

As an IPS member, you can leave us your thoughts, comments and experiences in the commments section below

Leave a Reply

You must be logged in to post a comment.