The Data Protection Act (DPA) was created and put into law to make sure that people can request and receive their personal information that is held on a computer system by a company or other third party.
The law allows for a charge to be made to you when you request your information; the maximum charge that can be made is £10.
When you make a request for your information, you are making a "Subject Access Request" and you make that request to the "Data Controller".
A request is made by yourself to the Data controller.
When your request is made, the company or third party has 40 days to comply and send you the information they store about you on their computers. Please note that if information is not held on computers (i.e. paper based records), the company or third party has no obligation to send that information to you as it is not covered by the DPA.
Please note that if the request you make is not clear or does not ask for the right information, the Data Controller can refuse to send the information to you, but they do have to respond and make a formal refusal.
The Freedom of information act does not apply as that act is relevant only to government agencies and departments.
We have prepared a letter that you can use to make a DPA request. Click here to view the letter.