- No automated removal service covers UK-specific brokers like 192.com, Tracesmart, or PeopleTraceUK. You will need manual removals for these.
- Roughly 19 million UK adults are on the open electoral register and commercially available to anyone willing to pay.
- Incogni is the strongest automated option for UK residents, but its 420+ broker list is overwhelmingly US-focused.
- The Data Use and Access Act 2025 introduced new complaint rights and raised marketing fines to £17.5 million, but created no data broker registry.
- DIY removal takes 15 to 25 hours upfront and 60+ hours per year to maintain. Most people burn out within six months.
The UK data removal market is dominated by US-focused affiliate sites, VPN company marketing, and legalistic ICO guidance. None of it is written by actual practitioners, none covers UK-specific data brokers in depth, and none references the Data Use and Access Act 2025. This guide changes that. It draws on first-hand investigator experience and covers the UK data broker ecosystem in full: where your data sits, who holds it, what your legal rights are, which services actually work for UK consumers, and exactly how to remove yourself, step by step.
1. The UK data broker market: a complete map
The UK data broker ecosystem is vast, fragmented, and poorly understood by consumers. Data flows from a handful of public record sources (the open electoral register, Companies House, HM Land Registry, and telephone directories) through credit reference agencies and specialist brokers into thousands of downstream marketing, people-search, and verification products.
192.com
Experian
Equifax
TransUnion
Companies House
Clearview AI
Acxiom
ICOUK people-search sites
192.com is the UK’s dominant people-search engine, holding over 700 million residential and business records. These include 200 million records from 2002 to 2017 edited electoral rolls and 2.3 million company listings. Data sources include the open electoral register, BT-OSIS telephone directory, Companies House, and Land Registry. Their opt-out uses an online form at 192.com/c01/new-request/, which adds users to a suppression file matching name and postcode. Removals are typically processed within 24 to 48 hours of clicking a confirmation email link. The suppression file automatically blocks future data loads from suppliers. However, removal from 192.com does not remove cached Google results. Users must separately use Google’s outdated content removal tool.
PeopleTraceUK (peopletraceuk.com) claims access to over 40 million names and addresses from the open electoral register, consented consumer databases, and telephone data providers. They have a record removal page at peopletraceuk.com/RequestRecordRemoval.asp, though it is not prominently featured.
Tracesmart is now a trading name of LexisNexis Risk Solutions UK Limited, offering people search via REST API primarily to businesses. Their data combines the 2002 to 2013 electoral roll with a proprietary “Tracesmart Register.” Forum users report removal requests are difficult. MoneySavingExpert threads describe Tracesmart as “not very helpful.”
Additional UK people-search sites identified include UKPhonebook.com (electoral register and phone data, removal via ukphonebook.com/help), BT Phone Book (thephonebook.bt.com, removal by going ex-directory through your phone provider), 118118 (directory enquiry listings from BT-OSIS, removal also via ex-directory), Open Register Search (openregistersearch.co.uk, subscription-based instant search claiming “millions of names and addresses”), TraceGenie (tracegenie.com, has a removal form), T2A (t2a.io, contact form only), and theukelectoralroll.co.uk (no removal form available).
Electoral roll data flow
The UK electoral register exists in two forms: the full register (restricted by law to electoral administration, credit checking, jury service, law enforcement, and political campaigning) and the open register (an extract available for purchase by anyone for any purpose at £20 plus £1.50 per 1,000 entries). Approximately 40% of registered electors remain on the open register. That means roughly 19 million UK adults have not opted out, and their names and addresses are commercially available.
The data flow works like this: local Electoral Registration Officers sell open register data to purchasers. The largest buyers are Experian (identified as the key intermediary by stopjunkmail.org.uk), Equifax, TransUnion, and people-search sites like 192.com. These buyers enrich the data with other sources and resell to end clients.
The Electoral Commission has called for the open register to be abolished, as has the ICO, the Local Government Association, and the Association of Electoral Administrators. But the government has moved in the opposite direction, discouraging opt-outs since 2014. Critically, opting out is not retrospective. Data brokers who purchased previous editions retain that data legally.
Credit reference agencies as data brokers
All three UK CRAs operate marketing data divisions separate from their credit bureaus.
Experian Marketing Services offers Mosaic consumer segmentation (classifying every UK household), Delphi marketing scores, consumer prospect data from the open electoral register, and data cleansing services. Consumers can opt out via their Consumer Information Portal at experianmarketingservices.digital/OptOut, which adds them to a “No Marketing Request” suppression file. Processing takes 7 days with full removal at the next monthly database build.
Equifax offers screening services, electoral register data supply, and marketing list screening. The CRAIN (Credit Reference Agency Information Notice) confirms consumers have an “absolute right to object to their personal data being used for direct marketing purposes.” Contact: PO Box 10036, Leicester, LE3 4FS.
TransUnion UK (formerly Callcredit) offers similar screening and data supply services. Opt-out via email to ukconsumer@transunion.com, with processing taking up to 30 days.
UK marketing and data companies
Acxiom UK (part of Interpublic Group) operates the InfoBase consumer database and Personicx segmentation system with 55 clusters at individual/household level. Claims responses from over 20 million UK consumers for lifestyle survey data.
CACI created the UK’s first geodemographic classification in 1979. Their Acorn system classifies UK postcodes into 6 categories, 18 groups, and 62 types using Land Registry, lifestyle survey, and commercial data.
GBG (GB Group) provides identity verification and fraud prevention using data from 200+ global partners. Notably, they had access to the Learning Records Service database covering 28 million children and students for age verification. GBG sold its Marketing Services division in 2021.
REaD Group specialises in deceased data suppression. Additional UK marketing data companies include Databroker Ltd (data-broker.co.uk, independent list broker with DMA registration), UK Marketing Management (claims over 1.48 million verified B2B contacts and almost 40 million consumer records across 500+ lists), Data HQ (operating since 2001), DBS Data Marketing (works with 100+ agencies), and Data Bubble (ISO 9001:2015 certified independent list broker).
Global brokers holding UK data
Clearview AI holds a database of 20+ billion facial images scraped from the public internet, inevitably including large numbers of UK residents. The ICO fined Clearview £7,552,800 in May 2022 for multiple UK GDPR breaches. Clearview appealed, winning at the First-tier Tribunal on jurisdictional grounds in October 2023. But the Upper Tribunal reversed this in October 2025, reinstating the fine and confirming UK GDPR applies to overseas companies facilitating monitoring of UK individuals.
TrueCaller maintains a global crowdsourced database of phone numbers. Even non-users appear if someone with TrueCaller has their number saved. UK opt-out is via truecaller.com/unlisting.
Pipl aggregates data from public records and third-party providers globally, including UK records. Opt-out requires emailing privacy@pipl.com with processing taking 14 to 30 business days.
Spokeo, Radaris, and BeenVerified are primarily US-focused with limited UK data from social media and web scraping. People Data Labs claims 1.5+ billion unique person records including UK professional data.
B2B and professional data brokers
Apollo.io holds 275+ million contacts across 73+ million companies, including UK professionals, with data from public web crawling, 2+ million data contributors, and verified third-party providers. UK opt-out via their Privacy Center or privacy@apollo.io.
Cognism is notably strong in EMEA markets with GDPR-compliant phone-verified data. ZoomInfo, Snov.io, LinkedIn Sales Navigator, Crunchbase, Clay, and SalesIntel all hold UK professional data to varying degrees. All must comply with UK GDPR erasure requests.
Companies House exposure
New from 2025: Directors can now apply to suppress residential addresses from historical filings. Application via Form SR01, £30 per document, no reason required.
Director names, service addresses, and month/year of birth are publicly visible. Pre-October 2015 filings may still show full dates of birth and residential addresses. The Economic Crime and Corporate Transparency Act 2023 has brought major reforms:
- From 27 January 2025: Directors can apply to suppress residential addresses from historical filings even where used as registered office address (previously impossible)
- From 21 July 2025: Scope expanded to include signature, business occupation, and day of date of birth from pre-2015 filings
- From 18 November 2025: All directors, PSCs, and LLP members must verify identity with Companies House
- Application via Form SR01, fee of £30 per document, no reason required
Key limitation: if a company is dissolved, the first part of the residential postcode may remain visible even after suppression.
HM Land Registry
Title registers contain names and correspondence addresses of registered proprietors, available to the public for £3 per document online. The Price Paid Dataset (24+ million records from 1995 onwards) is open data but shows only property addresses and transaction prices, not owner names.
Critically, the Index of Proprietors’ Names cannot be searched for private individuals. You cannot look up what properties someone owns by name. HM Land Registry’s position is that the right to erasure “will not apply where HM Land Registry is legally required to maintain and provide access to personal information recorded in our public registers.”
2. Every data removal service rated for UK consumers
The critical finding: the market is overwhelmingly US-centric
Of the 12+ data removal services researched, only two (Incogni and DeleteMe) explicitly serve UK residents and apply UK GDPR for removal requests. Even these primarily target US-based data brokers.
No automated service currently covers UK-specific brokers like 192.com, Tracesmart, PeopleTraceUK, or 118118. This is the single most important fact for UK consumers evaluating these services.
| Service | UK available | UK broker coverage | Brokers covered | Price (annual) | Verdict |
|---|---|---|---|---|---|
 Incogni | Yes | Partial | 420+ | approx. $96/yr | Best automated option for UK |
 DeleteMe | Yes (intl portal) | Partial | approx. 85 (Standard) | approx. $103/yr | Hybrid human + auto, misleading “976+” claim |
 Optery | No (US only) | None | up to 640 | Free scan / $300/yr | Great free scan, but US only |
 Rightly | Yes (UK native) | Companies only | N/A (targets companies) | Free | Targets retailers, not brokers |
| Kanary | No | None | 300+ | approx. $120/yr | US only |
| EasyOptOuts | No | None | N/A | $20/yr | Cheapest, 65% success rate, US only |
| Norton Privacy | No | None | 19-34 | approx. $156/yr | US only, minimal coverage |
| Aura | No | None | 140-200+ | approx. $144/yr | US only |
| OneRep | No | None | 199-313 | approx. $100/yr | US only. Trust concern: CEO founded data broker sites |
| Mozilla Monitor+ | N/A | N/A | N/A | N/A | Shut down Dec 2025 |
Incogni (by Surfshark): best automated option for UK users
Incogni is currently the strongest automated option for UK consumers. Pricing as of early 2026:
- Standard Individual: $15.98/month or $7.99/month billed annually ($95.88/year)
- Unlimited Individual: $14.99/month billed annually ($179.88/year)
- Standard Family (up to 5 people): roughly $11.49/month billed annually (roughly $137.88/year)
- Family Unlimited: $22.99/month billed annually ($275.88/year)
Covers 420+ data brokers on all plans, expanding to 2,420+ domains with Custom Removals on Unlimited plans. Explicitly available in the UK and Northern Ireland, leveraging UK GDPR to compel broker compliance. A Deloitte audit (August 2025, ISAE 3000 Revised, “limited assurance”) verified that Incogni covers at least 420 broker websites, receives removal confirmations from all covered brokers, sends recurring requests at intervals of 60 days or less (public) and 90 days or less (private), does not sell customer data, and has processed over 245 million data removal requests since January 2022.
UK limitations: The vast majority of those 420+ brokers are US-focused people-search sites. No confirmed coverage of 192.com, UK electoral roll scrapers, or UK-specific people-search sites. The service identifies private brokers using region-based identification for users located in the UK, sending requests to brokers that “may potentially hold your data.” This is speculative rather than targeted.
DeleteMe (by Abine): hybrid approach, UK available
DeleteMe’s primary US website states “U.S. residents only,” but a separate international portal explicitly lists the UK as supported.
- 1 Person: $103.20/year ($8.60/month) or $167.20/2 years ($6.97/month)
- 2 People: $206.40/year ($17.20/month)
- Family (4 people): $412.80/year ($34.40/month)
The “976+ brokers” claim is misleading. The headline number includes custom removal requests (568+ sites requiring individual submissions) and tier-gated sites. The Standard plan actually covers about 85 sites for automated removals. Even the VIP plan covers only about 262 sites with automated processing. DeleteMe scans 750+ broker sites for exposure but only actively processes removals from the number matching your plan tier. DeleteMe uses real human privacy analysts (not purely automated), with first privacy reports within about 7 days.
Optery: strong free scan, US-focused
Pricing ranges from free (exposure scan only) to $24.99/month (Ultimate, 640+ sites). The free scan is genuinely useful. It provides an Exposure Report with screenshots and direct links showing where your data appears across roughly 100 profiles. However, Optery is primarily US-only. Multiple authoritative sources confirm: “Optery’s service is only available in the US.” Minimal to no UK-specific broker coverage.
Rightly: the UK-native option that went quiet
Rightly (right.ly) appears still operating but with a low profile. Their Rightly Protect tool is free for consumers. It scans email inboxes (Google/Microsoft accounts only) by analysing email headers to identify companies holding your data, then sends GDPR deletion requests with one click. Key distinction: Rightly targets companies that hold your data (retailers, food delivery apps, etc.) rather than data brokers specifically. The average user found roughly 50 companies holding their data. Not a direct competitor to Incogni or DeleteMe. A different approach entirely.
Services confirmed as US-only or unavailable to UK consumers
- Norton Privacy Monitor Assistant: US-only. Only 19 to 34 broker sites covered. $12.99/month or $109.99/year add-on
- Aura: US-focused. Not available to UK consumers. 140 to 200+ broker sites. Roughly $12/month individual
- Kanary: Explicitly US-only. 300 to 325 US people-search sites. $9.99/month
- OneRep: US-only. 199 to 313 broker sites. $8.33/month annual. Major trust concern: Krebs on Security revealed in March 2024 that OneRep’s CEO founded dozens of people-search sites and maintained ownership of Nuwber, an active data broker
- EasyOptOuts: Explicitly US-only. $19.99/year, the cheapest option. Consumer Reports found a 65% success rate after 4 months
- HelloPrivacy: No evidence of UK coverage. Roughly $99.96/year. 115+ sites
- Mozilla Monitor Plus: Shut down December 17, 2025. Mozilla terminated partnership with OneRep following the Krebs on Security revelations
- IDX Privacy: No evidence of UK availability. $12.95/month
OptOut AI UK: early-stage UK entrant
A new OptOut AI venture (optoutai.co.uk) is in early access/pre-launch as of March 2026. Their stated approach: self-serve, client-side browser automation that runs locally on the user’s device, providing assistance completing opt-out forms on UK-focused data broker sites. No pricing, feature set, or coverage details available yet.
Automated services vs investigator-led services: the fundamental difference
Automated services (Incogni, DeleteMe) send pre-formatted opt-out requests to a fixed database of known brokers at scale. Strengths: low cost ($7 to $25/month), can contact 400+ brokers simultaneously, ongoing monitoring. Weaknesses: limited to known broker lists, cannot handle non-standard exposure (forums, social media, news articles, court records), cannot verify brokers actually deleted data, UK-specific coverage is thin, “whack-a-mole” dynamic as data reappears.
Investigator-led services conduct OSINT to map a client’s full digital footprint, address UK-specific sources (192.com, electoral roll, Companies House, social media), pursue legal mechanisms (solicitor letters, ICO complaints), and handle active threats (doxxing, harassment, stalking). Strengths: fully tailored, can address non-standard exposure, human judgment for complex cases, UK-specific expertise. Weaknesses: significantly more expensive, not scalable, slower initial results.
No automated service covers UK-specific brokers. A professional investigator who understands the UK data ecosystem can address what no software product can.
Consumer Reports 2024 independent test results
Consumer Reports tested 7 services over 4 months. Optery achieved 68% removal success, EasyOptOuts 65%, while DeleteMe scored only 27%. Notably, manual opt-outs still beat all services at 70%. A point worth remembering as you read the DIY section below.
3. The UK legal framework for data removal in 2026
UK GDPR Article 17: the right to erasure
The right applies when data is no longer necessary for its original purpose, consent is withdrawn, the individual objects to processing (including direct marketing), data was unlawfully processed, erasure is required by legal obligation, or data was collected from a child for information society services.
Organisations can refuse when processing is necessary for freedom of expression, legal obligations, public health purposes, archiving in the public interest, or establishing/exercising legal claims. Requests can also be refused if “manifestly unfounded or excessive,” but the burden of proof is on the controller, and a case-by-case assessment is required (no blanket policies).
The one-month response requirement starts from the day after receipt. It can be extended by up to two further months (total three) for complex or numerous requests, but the individual must be informed within the first month. Under the Data Use and Access Act 2025, a new “stop the clock” mechanism pauses the deadline when controllers reasonably require further information to identify data or processing activities.
Practical steps for exercising the right: Requests can be made to any part of the organisation, verbally or in writing (writing recommended for evidence). No specific words or legal citations are required. The ICO provides template letters at ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/. A proper request should include full name and address, identifying details, a clear statement of what data you want erased and on what grounds, proof of identity if not already held, reference to Article 17 rights, a request for confirmation of erasure and notification to third parties, a reminder of the one-month deadline, and a statement of ICO complaint rights.
Data Use and Access Act 2025: what changed
Royal Assent: 19 June 2025. Part 5 data protection amendments took effect on 5 February 2026. The new right to complain directly to controllers takes effect on 19 June 2026.
Key provisions:
Recognised legitimate interests: Creates a category of processing where no balancing test is required for specified purposes including national security, public security, emergencies, criminal investigations, and safeguarding. Direct marketing and intra-group sharing are on the list but still require a legitimate interests assessment. This potentially gives data brokers somewhat greater confidence in relying on legitimate interests.
Automated decision-making relaxed: The restriction on significant automated decisions now only applies where special category data is used. Broader circumstances for automated decisions without special category data, provided safeguards exist.
Data subject access requests: Controllers now need only conduct “reasonable and proportionate” searches (previously just ICO guidance, now statutory). The “stop the clock” mechanism allows controllers to pause response deadlines while awaiting further information.
New right to complain directly to controllers: From 19 June 2026, controllers must maintain a formal complaints process, provide an electronic complaints form, acknowledge complaints within 30 days, and respond without undue delay.
PECR fine increase: Marketing breach fines increased from £500,000 to £17.5 million or 4% global turnover, aligned with UK GDPR.
ICO governance reform: The ICO becomes the “Information Commission” with a new Board structure and stronger audit, reporting, and enforcement powers.
What the DUAA does NOT do: It does not create a specific UK data broker registration regime comparable to California’s Delete Act. No new specific rules targeting data brokers or people-search sites. Expert commentary is measured: Linklaters calls it “a shift in approach aiming to balance privacy rights with innovation,” while Womble Bond Dickinson describes it as “minor relaxations of data protection requirements.”
ICO enforcement: the Experian saga and its aftermath
The landmark UK case on data brokers: in 2018, Privacy International filed complaints about credit reference industry data brokering, triggering a two-year ICO investigation.
In October 2020, the ICO found “widespread and systemic data protection failings” across Experian, Equifax, and TransUnion, issuing an enforcement notice against Experian for “invisible processing” of roughly 51 million UK adults’ data for direct marketing without adequate transparency.
Equifax and TransUnion complied voluntarily, withdrawing non-compliant products. But Experian fought and largely won. The First-tier Tribunal ruled mostly in Experian’s favour in February 2023, finding the ICO had “fundamentally misunderstood” Experian’s processing. The Upper Tribunal dismissed the ICO’s appeal entirely in April 2024, and the ICO confirmed it would not appeal further.
The outcome: Legitimate interests was confirmed as a valid lawful basis for direct marketing data brokering, provided adequate transparency is maintained. This was a significant setback for ICO enforcement against data brokers. No ICO enforcement actions have targeted UK people-search or data-lookup websites as of March 2026.
Broader enforcement trends: In 2024, the ICO took 62 enforcement actions with total fines of roughly £2.7 million. In 2025, only 31 actions but significantly higher fines totalling roughly £19.6 million from just 7 cases, including the £14 million Capita settlement (the ICO’s largest ever) for cyber attack failures. Focus has shifted to security-related breaches. Critically, no ICO enforcement actions have targeted UK people-search or data-lookup websites as of March 2026.
Electoral roll opt-out mechanics
To opt out of the open register: tick the opt-out box when registering to vote (online at gov.uk/register-to-vote or on the annual canvass form), contact your local Electoral Registration Office directly, or re-register online and choose to opt out. The preference remains permanently at your address unless changed or moved. The register is typically published on 1 December each year with monthly updates.
Opting out prevents commercial sale but does not prevent credit reference agencies, political parties, police, or jury service accessing the full register. Previous published versions cannot be amended retrospectively.
Court claims for data protection breaches
Under Article 82 UK GDPR and Section 168 DPA 2018, individuals can claim compensation for both material damage (financial loss) and non-material damage (distress). The Court of Appeal ruling in Farley v Paymaster (2025) significantly lowered the bar: no threshold of seriousness is now required for non-material damage claims, and actual access or misuse by third parties is not essential. Claims can be brought in County Court Small Claims Track (fees from £35 for claims up to £300). The ICO cannot award compensation. It must go through the courts.
4. The scale of UK data exposure: the numbers
How many UK adults are exposed
192.com alone holds over 700 million records. The open electoral register exposes approximately 19 million UK adults who have not opted out. The ICO found that the three CRAs collectively screened, traded, or profiled the data of “almost every adult in the UK” for direct marketing purposes.
There is no complete study quantifying total UK exposure across all data brokers, but DSIT’s 2025 Call for Views on data brokers acknowledged a “complex ecosystem” with a “lack of publicly available information” about its size.
Data breach statistics
The ICO received 12,412 personal data breach reports in 2024/25, though only 3% led to an investigation (down from 6% the prior year). The DSIT Cyber Security Breaches Survey 2025 found 43% of UK businesses (roughly 612,000 companies) reported a cybersecurity breach or attack, rising to 74% of large businesses.
Major recent UK breaches include the Electoral Commission breach compromising roughly 40 million registered voters’ data, the 23andMe breach affecting 155,592 UK users (fined £2.31 million), and the Police Service of Northern Ireland breach exposing the entire workforce.
Fraud and identity theft are at record levels
Cifas recorded 421,000 fraud cases in 2024, the highest ever, a 13% increase on 2023, with a new fraud case every 2 minutes. Roughly 250,000 were identity fraud filings (59% of all cases), up 5% year-on-year. Facility takeover cases surged 76% to 74,000+, and SIM swap fraud exploded by 1,055%. In the first half of 2025, Cifas recorded 217,000+ cases, a record for any six-month period.
UK Finance reported over £1.17 billion stolen through fraud in 2024 across 3.3 million reported incidents. Card fraud losses hit £572.6 million, APP fraud losses were £450.7 million, and unauthorised transaction losses reached £722 million. GASA estimated UK individuals lost between £9.4 and £11.4 billion to scams in 2024. The Cifas/RUSI joint report (December 2024) estimated identity fraud costs the UK £1.8 billion annually. Fraud now makes up 44% of all recorded crime in England and Wales.
Consumer awareness remains surprisingly low
YouGov data (December 2024 to 2025) found 59% of Britons are concerned about how much data is collected about them online, but 38% say they no longer know how to protect their personal information and 28% don’t worry much about privacy when using the internet. There’s a generational divide: 63% of over-55s value data access limits versus only 36% of 18 to 34-year-olds.
ICO research found one third of UK consumers are unclear about what happens to their personal details after sharing them.
DSIT consultation on data brokers (2025)
DSIT launched a Call for Views on data brokers in March 2025, focusing on national security risks, receiving 168 responses (47% from data brokers). Key concern: hostile actors, including cyber-criminals, can acquire UK data on the open market. The government response found a “fragmented market with divergent views on definitions, standards, and regulatory efficacy.” No universal definition of a data broker exists in UK law.
5. The complete DIY removal guide for UK consumers
192.com
Google Results About You
TrueCallerExperianEquifaxTransUnionVisit 192.com/c01/new-request/. Provide full surname, full address(es) including previous addresses, postcode(s), and valid email address. Submit for yourself or up to 5 family members at the same address. Click the confirmation email link. Removal will not be processed without this step.
Alternatively, email feedback@192.com or post to Hooyu Ltd, Unit 8 Quayside Lodge, William Morris Way, London, SW6 2UZ. Removals typically take 24 hours once confirmed. Works via a suppression file (name + postcode) that automatically blocks future data loads.
Removal from 192.com does not remove Google cached links. Separately use Google’s outdated content removal tool at search.google.com/search-console/remove-outdated-content.
Contact your local council’s Electoral Registration Office by email, phone, or letter. Provide full name, full address, and clearly state you wish to opt out of the open register. Alternatively, re-register at gov.uk/register-to-vote and tick the opt-out box, or use the annual canvass form.
Takes effect from next register publication (typically 1 December, with monthly updates). Preference is permanent at your address. Does not prevent credit reference agencies, political parties, police, or jury service accessing the full register. Does not retroactively remove data from previously published editions held by brokers.
Results About You (myactivity.google.com/results-about-you): fully available in the UK. Set up monitoring for your name, phone numbers, home addresses, email addresses, and (since February 2026) government ID numbers. Google scans search results for matches and sends notifications within hours. Review flagged results and request removal. If approved, the URL is de-listed from Google Search.
Cannot remove content on news/educational/government sites, content you control, or negative but lawful content that doesn’t expose personal contact information. Removal from Google Search does not remove data from the source website.
Additional tools: the direct search result removal flow (click three dots next to any Google result, then “About this result”, then “Remove result”), the detailed removal request form at support.google.com/websearch/contact/content_removal_form, and the outdated content removal tool.
Facebook/Meta: Set default post audience to “Friends” (Settings > Privacy > Who can see your future posts). Disable search engine indexing of your profile. Change who can look you up using email/phone to “Friends” or “Only me.” Clear off-Meta activity and disconnect future activity (Accounts Center > Your Information and Permissions > Your Activity Off Meta Technologies). Review ad preferences and remove categories.
LinkedIn (critical 2026 updates): Toggle public profile visibility to OFF (Settings > Visibility > Edit public profile) to prevent all search engine indexing. Disable profile discovery using email and phone number. Turn off off-LinkedIn visibility. Critically: disable AI training data sharing (Settings > Data Privacy > Data for Generative AI Improvement). This was switched ON globally by default in November 2025. Turn off Microsoft cross-platform data sharing and all advertising data toggles.
X/Twitter: Protect your posts (Settings > Privacy and Safety > Audience and Tagging). Disable discoverability via email and phone. Turn off all data sharing and personalisation toggles.
TrueCaller: Visit truecaller.com/unlisting, enter phone number with +44 country code, complete CAPTCHA, click “Unlist Phone Number.” Takes up to 24 hours. Not guaranteed permanent. TrueCaller’s crowdsourced database means contacts who have your number saved can re-introduce it.
BT Phone Book / going ex-directory: Contact your phone service provider (BT: 0800 800 150; other providers: contact directly). Request to be made ex-directory. Removes you from printed phone books, online directories, and 118 directory enquiry services. Does not remove data already scraped by people-search sites.
UKPhonebook.com: Use the online removal form at ukphonebook.com/help. Processing takes up to 2 working days online, 28 days by post to Simunix Ltd, Middleham House, 2-3 St. Marys Court, York YO24 1AH.
Experian: experianmarketingservices.digital/OptOut or PO Box 9000, Nottingham, NG80 7WF. Equifax: PO Box 10036, Leicester, LE3 4FS or 0333 321 4043. TransUnion: ukconsumer@transunion.com or 0330 024 7574.
All three CRAs confirm the absolute right to object to direct marketing use. No balancing test required. This stops them selling your open electoral register data for marketing, profiling, and enrichment, but does not affect credit referencing (statutory function).
Telephone Preference Service (tpsonline.org.uk/register): Free, permanent registration. Takes 28 days to become effective. Legally enforced under PECR. The ICO can fine companies for calling TPS-registered numbers without consent. Over 17.7 million UK numbers registered. Does not cover companies you’ve given consent to, market research, overseas callers, or silent/automated calls.
Mailing Preference Service (mpsonline.org.uk): Free. Takes 2 to 4 months for full effect. Industry self-regulation (not legal requirement). Stops personally addressed unsolicited mail. Does not cover companies you do business with, charities you’ve contacted, or unaddressed mail (for unaddressed mail, use Royal Mail’s Door-to-Door Opt-Out).
Check breach exposure at Have I Been Pwned (haveibeenpwned.com) and Mozilla Monitor (monitor.mozilla.org, free for up to 20 email addresses).
Use email alias services for future signups: SimpleLogin by Proton (free for 10 aliases, roughly £30/year for unlimited), Apple Hide My Email (included with iCloud+ from £0.99/month), or Firefox Relay (free for 5 masks). Do not rely on the Gmail ”+” trick. The real address is trivially derivable.
The honest limitations of DIY. You cannot remove data from court filings, government databases, or public records (property deeds, planning applications, vital records). You cannot force Google to remove results from news, educational, or government sites. You cannot stop credit reference agencies holding your credit data. You cannot prevent all data collection. Data is constantly re-scraped from public records, marketing lists, and online activity.
Initial cleanup takes 15 to 25 hours spread over 2 to 4 weeks. Ongoing maintenance requires quarterly checks and re-submission of opt-out requests, estimated at 60+ hours per year. Most people start strong and burn out within 6 months. This is the primary argument for paid services or investigator-led removal.
Data brokers can legally re-collect your data every 90 days from public records and other sources. The suppression files used by sites like 192.com should block re-addition from their own data suppliers, but brokers with different data sources or new brokers may surface your information regardless.
Frequently asked questions
How do I remove my details from 192.com?
Visit 192.com/c01/new-request/ and submit your full surname, address(es), postcode(s), and email. Click the confirmation link in the email they send. Removal takes about 24 hours. You can also email feedback@192.com or write to Hooyu Ltd, Unit 8 Quayside Lodge, William Morris Way, London, SW6 2UZ. After removal, separately request Google to remove cached results via the outdated content removal tool.
How do I opt out of the open electoral register?
Re-register to vote at gov.uk/register-to-vote and tick the opt-out box, contact your local Electoral Registration Office directly, or use the annual canvass form. The preference is permanent at your address and typically takes effect from the next register publication (1 December, with monthly updates). Opting out does not retroactively remove data from editions already sold to data brokers.
Is there a data removal service that works in the UK?
Incogni (by Surfshark) and DeleteMe both accept UK customers and use UK GDPR for removal requests. However, neither covers UK-specific brokers like 192.com, Tracesmart, or PeopleTraceUK. Their broker lists are overwhelmingly US-focused. For UK-specific sources, you need manual removals or an investigator-led service.
Is Incogni or DeleteMe better for UK users?
Incogni is generally the stronger choice for UK users. It covers 420+ brokers (vs approximately 85 on DeleteMe’s Standard plan), costs less (approximately $96/year vs $103/year), and has been independently audited. DeleteMe uses human analysts rather than pure automation, which can be an advantage for complex cases, but its “976+ brokers” claim is misleading as most require manual custom submissions.
How do I make a UK GDPR right to erasure request?
Write to any part of the organisation holding your data. Include your full name and address, identify the data you want erased, state your grounds under Article 17 UK GDPR, provide proof of identity, and set a one-month response deadline. No specific legal language is required. The ICO provides template letters at ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/. If the organisation refuses or ignores you, complain to the ICO or pursue a court claim.
Are data brokers legal in the UK?
Yes. The UK has no specific data broker registration requirement comparable to California’s Delete Act. Data brokers must comply with UK GDPR, including having a lawful basis for processing (typically legitimate interests or consent). The Experian tribunal ruling (2023-2024) confirmed legitimate interests as a valid basis for direct marketing data brokering, provided adequate transparency is maintained. The Data Use and Access Act 2025 did not change this.
Can I remove my address from Companies House?
Since January 2025, directors can apply to suppress residential addresses from historical filings using Form SR01 at a cost of £30 per document. From July 2025, this extends to signatures, business occupation, and day of date of birth. However, director names, service addresses, and month/year of birth remain publicly visible. If a company is dissolved, the first part of the residential postcode may remain visible even after suppression.
How long does it take to remove personal data from the internet in the UK?
Individual removals vary: 192.com takes about 24 hours, electoral roll opt-out takes effect at next publication (up to 12 months), Google removals take days to weeks, and CRA marketing opt-outs take 7 to 30 days. A full DIY cleanup takes 15 to 25 hours spread over 2 to 4 weeks. Ongoing maintenance requires approximately 60+ hours per year because data brokers can legally re-collect your data every 90 days from public records.
How do I stop junk mail and cold calls in the UK?
Register with the Telephone Preference Service at tpsonline.org.uk/register (free, legally enforced, takes 28 days) and the Mailing Preference Service at mpsonline.org.uk (free, industry self-regulation, takes 2-4 months). For unaddressed mail, use Royal Mail’s Door-to-Door Opt-Out. Opt out of the open electoral register to stop your address being sold. Contact all three credit reference agencies to opt out of marketing data use.
What does the Data Use and Access Act 2025 mean for data removal?
The DUAA raised maximum marketing breach fines from £500,000 to £17.5 million, introduced a new right to complain directly to data controllers (effective June 2026), and added a “stop the clock” mechanism allowing organisations to pause response deadlines. However, it did not create a data broker registry, did not restrict data broker activities specifically, and did not significantly change the right to erasure. Expert commentary describes it as “minor relaxations of data protection requirements.”
The DIY steps above will meaningfully reduce your digital exposure. But they have limits. They cannot address custom exposure: forum posts, news articles, social media screenshots, or content created by third parties. They cannot handle active threats such as doxxing, harassment campaigns, or stalking. They cannot deal with data that reappears faster than you can remove it.
For high-net-worth individuals, public figures, or anyone facing a specific privacy threat, an investigator-led approach offers what no automated tool or DIY checklist can: a complete, human-led audit of your digital footprint, tailored removal strategies for UK-specific sources, legal escalation when brokers refuse to comply, and ongoing monitoring that catches re-exposure before it becomes a problem.
Need investigator-led data removal?
We handle what no automated tool can: UK-specific brokers, custom exposure, and active threats. Complete, human-led privacy protection.
