GDPR basics for consumers: The General Data Protection Regulation (GDPR) is the main law for protecting personal data and privacy in both the UK and the EU/EEA. In the EU, the new Digital Services Act (DSA) also strengthens your online rights and transparency, especially for large digital platforms and some online services.
GDPR gives you rights and sets responsibilities for organisations that use your information.
All information in this guide is based on actual law and official regulator guidance. See the full law at UK GDPR, EU GDPR, and EU Digital Services Act (DSA).
Who Is Protected by GDPR?
- Everyone whose data is collected in the UK, EU, or EEA is protected by GDPR, no matter where they live or their nationality.
- EU/EEA residents also benefit from additional digital rights and transparency protections under the Digital Services Act (DSA), which works alongside GDPR for certain online platforms and digital services.
What Counts as Personal Data under GDPR?
- Personal data means any information that can identify you directly or indirectly. This includes your name, email, phone number, address, photo, health info, online ID, or location.
- For the official definition, see ICO – What is personal data?
How Does GDPR Protect You?
- Organisations must use your data fairly, lawfully, and transparently.
- They can only collect what is needed and must keep it up to date.
- Your data must be stored securely and deleted when no longer needed.
- You have clear rights over your data—learn more at Know Your Digital Rights.
- For more, see ICO – Your Data Protection Rights and EU Data Protection Board.
Legal Bases for Using Your Personal Data
- Consent: You clearly agree to the use of your data.
- Contract: It is needed to provide a service you requested.
- Legal obligation: The law requires it.
- Vital interests: Needed to protect someone’s life.
- Public task: For tasks carried out in the public interest.
- Legitimate interests: The organisation’s real need, but never overriding your rights.
- Official reference: ICO Lawful Basis
How Adhoc Support CIC Applies GDPR and DSA
- Adhoc Support CIC handles all data according to the UK GDPR, EU GDPR, the Data Protection Act 2018, and our Privacy Policy.
- Our policies comply with both UK GDPR and EU GDPR, as well as the transparency and due diligence standards of the EU Digital Services Act (DSA).
- Only the minimum necessary data is collected.
- No data is sold, profiled, or used for marketing.
- All data is stored on ISO 27001-certified servers in Germany (Hetzner).
- No data is transferred outside the UK/EEA.
- The Data Protection Officer (DPO) oversees compliance: dataprotection@adhocsupport.org.
- Your full rights are explained at Know Your Digital Rights.
Contact & Further GDPR/DSA Resources
Compliance Statement
This guide is compliant with the ICO Data Sharing Code of Practice, UK GDPR, EU GDPR, and, where applicable, the EU Digital Services Act (DSA).
All advice is based on official legislation and regulator guidance. For more, see our Privacy Policy or contact our DPO.