Leave quickly

Home > Resources > Self-help Resources > Information for Adult Survivors > Media & Privacy > Online Safety and Data Removal

Online Safety and Data Removal

If you’re a survivor worried that personal information online could put you at risk, you have legal rights to take control. Learn how to request data removal, protect your digital footprint, and stay safe online using your UK GDPR rights.

Why this matters

Having your personal information online can make you feel more vulnerable. A perpetrator or other harmful person might use publicly available data to track, intimidate or control you. Removing and protecting your personal data from searchable databases, people‑search sites, social media, data brokers and search engines is an important part of your safety plan. You have the right to protect yourself online.  While it takes time and may never be perfect, each action you take increases the distance between you and potential harm.

This page gives you practical, UK‑specific steps backed by legal rights, survivor safety guidance and everyday digital hygiene. It does not replace specialist advice. If you believe you are in danger, please contact immediate support (see ‘Support and help’ at the end).

Your legal rights in the UK

Understanding your rights is a key step towards protecting your privacy and safety. UK law gives you several powerful tools to control how organisations collect, store, and share your personal information. These laws apply to both online and offline data, whether held by public bodies, private companies, or charities.

The Right to Erasure (The “Right to be Forgotten”)

Timeline: Within one calendar month (two if the request is complex).

Under Article 17 of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you can ask an organisation to permanently delete your personal data. This is known as the right to erasure. You can make this request when:

  • The organisation no longer needs your data for the purpose it was collected.
  • You withdraw your consent for them to use your data.
  • You object to how your data is being used (for example, it causes you distress or risk).
  • The organisation collected or processed your data unlawfully.
  • The data must be deleted to comply with a legal obligation.

You don’t need to explain everything in detail. A short written statement such as “I am exercising my right to erasure under Article 17 UK GDPR” is enough to trigger their legal duty to review your request. Bear in mind this right is not absolute. There are circumstances when organisations can refuse.

The Right of Access (Subject Access Request)

Timeline: Organisations must respond within one month, and they cannot usually charge a fee.

You have the right to ask any organisation what information they hold about you and how they use it. This is known as a Subject Access Request (SAR). A SAR allows you to:

  • See what personal data is being held.
  • Check whether it’s being shared with anyone else.
  • Identify data that might put you at risk (e.g., an address or phone number that should be confidential).

You can request this by emailing or writing to the organisation’s Data Protection Officer or using any online form they provide. You don’t have to use a special template, simply state:

“I am making a Subject Access Request under Article 15 of the UK GDPR. Please provide a copy of all personal data you hold about me.”

The Right to Restrict Processing

Some data cannot legally be erased if it’s being kept for:

  • Compliance with a legal obligation.
  • Public interest or freedom of expression.
  • Legal claims or safeguarding obligations.

Even if erasure is refused, you can often request restriction of processing instead.If you cannot get data erased immediately. For example, because it is needed for legal purposes, you can ask the organisation to restrict how it is used. This means:

  • Your data can be stored securely but not used, shared, or published.
  • The restriction remains until the issue is resolved or you consent to further processing.

This can be vital if you are concerned that an organisation might inadvertently expose your data while you seek advice or evidence of risk.

Find out more

The Right to Object

You can object to how your data is being processed, particularly if it is used for:

  • Marketing or profiling purposes.
  • Public interest or official authority reasons where the use causes you harm or distress.

Once you object, the organisation must stop using your data unless they can prove they have compelling legitimate grounds that override your rights or safety.

For survivors, this is especially important if:

  • A company continues to contact you after you have asked them to stop.
  • Your data is being used to promote or link to content that identifies or endangers you.

Find out more

The Right to Rectification (Correction of Data)

Timeline: Organisations must correct the data “without undue delay”, usually within one month.

If your personal data is inaccurate or outdated, you can ask for it to be corrected or updated. For survivors, this may include:

  • Removing an old address or name that could link you to a previous location.
  • Correcting misleading information that may have been published online.
  • Ensuring outdated contact details are deleted or replaced with a safe, controlled point of contact.

Find out more

The Right to Complain and Seek Support

If an organisation fails to act on your request or continues to process your data unlawfully, you can:

  1. Complain directly to the organisation, asking for their internal review.
  2. Complain to the Information Commissioner’s Office (ICO) — the UK’s data protection regulator.

The ICO can investigate and, if necessary, take enforcement action against organisations that fail to respect your data rights.

If the misuse of your data has placed you in physical danger or ongoing harassment, you should also report it to the police and seek advice from a specialist support service (Support and Help).

Step‑by‑step: Practical data removal actions

Audit your digital presence

  • Google yourself (search your name + location + any known email/alias) and note results.

  • Check social media: what personal details (name, maiden name, address history, phone number) are publicly visible?

  • Identify websites or databases where your contact details appear (people‑search sites, data brokers, old blogs, forum posts).

  • Make a list of URLs (web addresses) where your data appears.

Contact websites directly

  • On each site where your data appears, look for a “privacy”, “contact us” or “data removal” option.

  • Use the organisation’s procedure to request removal (could be an online form, email, or letter).

  • When writing your request:

    • State clearly: “I request that you erase all personal data you hold about me under Article 17 UK GDPR.”

    • Provide identifying info (e.g. your name as shown, the URL).

    • If relevant: “I believe my personal safety is at risk if this data remains public.”

  • Keep copies of all correspondence and screen‑shots of your request and their responses.

Use search‑engine removal tools

For example:

  • Google offers a “Remove Outdated Content” or «Request removal» form for URLs that show your personal info.

  • Note: Removing a URL from search results does not delete the original content on the hosting website. You still need to contact the site.

Review data brokers and people‑search sites

Many companies aggregate and re‑publish personal info (addresses, phone numbers, email).

  • Some removal services exist, but you can undertake it yourself.

  • It’s time‑consuming and data can re‑appear, so periodic checks are advisable.

Strengthen your digital and device hygiene

  • Update your passwords, enable two‑factor authentication (2FA) on all accounts.

  • On social media: set your profile and posts to private, remove old posts which reveal personal data.

  • Clear browser history, use a separate device or profile if you share tech with others.

  • Consider obtaining a new email address or phone number if your current one is compromised.

  • If you share devices with a former partner or someone who may monitor you, ensure your accounts are logged out and consider factory‑resetting devices.

  • Be cautious about what you post online in future: avoid full name, location, DOB, previous address.

Create a long‑term monitoring plan

  • Set calendar reminders (e.g., every 3–6 months) to repeat your audit.

  • Use alerts: for instance Google Alerts for your name to see when new references appear.

  • Consider review of your credit file to detect any unusual activity.

  • Stay aware: data may re‑appear via third‑party aggregators, old articles, social media archives.

What to do if a perpetrator is misusing your data

When you are at increased risk, you may face more urgency. Follow these additional steps:

  • Document any threatening, harassing or controlling behaviour you believe is linked to your data being known.

  • Report to the police if you believe you are being stalked, harassed, threatened or subjected to technology‑enabled abuse. Online abuse and stalking are criminal offences.

  • Contact specialist services that support victims of stalking, technology‑facilitated abuse or domestic abuse (see ‘Support and help’).

  • Ask the organisations where your data appears if they can apply an additional “safety or sensitive flag” (some companies offer help for survivors/at‑risk individuals).

  • Consider legal advice or protection orders if you identify a risk from a specific individual.

Checklist: Key Actions for Survivors

Here is a progressive list. You may not need all steps, but each adds safety.

Action Why
Search your name + aliases + past addresses To identify exposure of your data
Make removal requests to websites/data brokers To reduce online footprint
Use search‑engine removal tools To reduce discoverability
Secure devices and accounts To prevent monitoring and re‑exposure
Schedule regular audits Because risk evolves over time
Get specialist support if you’re being harassed For enhanced protection and response

Support and Help

If you are in immediate danger  call  999  in the UK.

For non‑emergency abuse, call 101 or contact your local police.

If you are a survivor based in Warwickshire and need support understanding your rights, get in touch with our Independent Sexual Violence Advocates (ISVA) service.

Learn more about our ISVA service

Safeline
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.