Skip to content

Data protection, online safety and digital privacy

Online life is governed by UK GDPR, the Data Protection Act 2018, the Online Safety Act 2023, and a patchwork of FCA, ICO, and police rules. This hub covers individuals' UK GDPR rights (subject access requests, erasure, rectification, objection), data-breach reporting and ICO complaints, intimate-image abuse and revenge-porn removal, social-media content takedowns, cyberstalking and harassment, online fraud recovery and authorised-push-payment scam reimbursement, online defamation, children's online safety, cookie consent under PECR, and how to escalate against platforms that fail their duty of care under the Online Safety Act.

13 guides in this section

Popular guides

View all 13

Prepare with a checklist

All guides in this section

UK GDPR Rights for Individuals

The 8 individual rights, the role of the ICO, and how to enforce them.

Data Subject Access Requests

How to make a SAR, the 1-month response deadline, and what to do if refused.

Right to Erasure (Right to be Forgotten)

The grounds for erasure, exemptions, and search engine de-indexing.

When a Company Has a Data Breach

Notification duties, ICO complaints, and Article 82 compensation claims.

Removing Content from Social Media

Platform reporting tools, the Online Safety Act 2023, and UK GDPR routes.

Removing Intimate Image Abuse

Section 67A of the Sexual Offences Act, OSA 2023 offences, and the Revenge Porn Helpline.

Recovering Money Lost to Online Fraud

PSR APP fraud reimbursement scheme (October 2024), £85,000 cap, and Action Fraud reporting.

Dealing with Cyberstalking

Protection from Harassment Act 1997, Stalking Protection Orders, and police involvement.

Children's Online Safety

Online Safety Act duties, the ICO Children's Code, and CEOP reporting.

Online Defamation

Defamation Act 2013 serious harm test, website operator procedure, and litigation routes.

Cookie Consent and Marketing Email Rules

PECR rules on cookies and marketing emails, ICO enforcement, and how to opt out.

Online Safety Act 2023: Platform Duty of Care

Statutory duties on platforms, Ofcom regulation, illegal content duty, child safety, Category 1 duties, and penalties.

Intimate Image Abuse: 2024 Offences

Sexual Offences Act 2003 ss.66A-66D, deepfake offence, victim anonymity, StopNCII removal route, and Revenge Porn Helpline.

Frequently asked questions

How do I make a Subject Access Request?
Write to the company (any format — email, letter, even verbally if confirmed in writing) asking for a copy of the personal data they hold about you. They have 1 calendar month to respond, and it must be free in most cases. The ICO website has template letters.
What can I do if my bank refused to refund a fraud loss?
Since October 2024, banks must reimburse most authorised push payment (APP) fraud losses up to £85,000 within 5 business days under PSR rules. If your bank refuses, complain in writing. If unresolved within 8 weeks, escalate to the Financial Ombudsman Service.
Can I get content removed from social media?
Most platforms have reporting tools for harassment, defamation, intimate image abuse, and impersonation. The Online Safety Act 2023 requires platforms to act on illegal content. For unlawful content, you can also use a UK GDPR right to erasure or, in serious cases, court action.
How do I report a data breach?
Complain to the company first. If unresolved or serious, report to the ICO at ico.org.uk. The ICO can fine companies up to £17.5 million or 4% of global turnover. You can also claim compensation for distress under Article 82 UK GDPR.

Explore more

Disclaimer

This information is for general guidance only and does not constitute legal, financial, or professional advice. Always check official sources and seek qualified help where needed.