6. Personal data must be processed in accordance with the rights of the individual.
As well as placing obligations on data controllers and data processors, the Data Protection Act gives individuals a range of rights to know what personal information is processed about them, to put it right if it is wrong or to stop it being used altogether.
They are also entitled to compensation, in certain circumstances, if they suffer harm by its processing.
This right to obtain a copy of personal data is known as the ‘right to subject access’.
The most commonly exercised right is to object to the processing of personal information for direct marketing. This covers marketing by any channel, for example, mail, telephone, fax and email.
As a business you can charge a fee for subject access. This can be a maximum of £10 and is a figure agreed by law.
Subject access states that if an individual requests access to the data in writing and pays a fee they must be:
The next section of this course explains more about subject access, including what to do if someone asks you for a copy of their data.