How phone number data actually flows in the UK
Your phone number is listed in more databases than your home address. That is not an exaggeration. When I run a digital footprint assessment, phone numbers typically appear across 8 to 12 separate sources: the BT-OSIS directory, people-search sites like 192.com and UK Phone Book, crowdsourced caller ID apps, marketing databases, and breach records. Going ex-directory with your provider is the single most effective first step you can take. But on its own, it covers roughly 20% of the problem.
Every UK telephone directory, whether online or through a 118 service, derives its data from a single source: OSIS, the Operator Services Information System managed by BT Wholesale. When you go ex-directory, your provider flags your number in OSIS, and that suppression cascades to every downstream directory simultaneously. That cascade is why this step matters so much. It is also why people overestimate what it achieves.
How to go ex-directory with your provider
For BT customers, call 0330 123 4150. For everyone else (EE, Vodafone, Three, Sky, Virgin Media O2, TalkTalk, or any MVNO), contact your provider directly. About 65% of UK numbers are already ex-directory, so you are not asking for anything unusual.
Processing takes 24 to 48 hours in most cases. After that, your number should stop appearing in new directory enquiry results and all 118 services.
Here is what going ex-directory does NOT do. It does not remove your number from people-search sites that already scraped it. It does not unlist you from caller ID apps where other people uploaded your contact details. It does not stop marketing calls if your number is already on commercial lists. And it does not touch breach databases where your number may have been leaked years ago.
The five-step phone number suppression sequence
Complete phone directory suppression requires five steps: go ex-directory, remove from people-search sites, register with TPS, unlist from caller ID apps, and request removal from 192.com. Most people do one and assume they are covered.
I have submitted hundreds of these requests across client assessments. The pattern is always the same: someone goes ex-directory, checks 192.com a week later, still finds their number, and assumes the process failed. It did not fail. They stopped at step one of five.
Remove from 192.com and UK Phone Book
192.com holds over 700 million records, including phone numbers sourced from BT-OSIS telephone directories and the open electoral register. UK Phone Book, operated by Simunix in York, holds 130 million records from similar sources and also powers 118 365 lookups.
I have covered the full 192.com removal process separately. The short version: submit at 192.com/c01/new-request/, click the confirmation email (the step that trips people up every time), and allow 24 to 48 hours. For UK Phone Book, the removal process goes through their help page at ukphonebook.com/help, with processing taking up to 2 working days online or 28 days by post.
Going ex-directory stops new data flowing to these sites. Both retain historical data until you explicitly request removal.
Unlist from caller ID apps
This is the layer that catches people off guard. TrueCaller, Hiya, Sync.me, and the UK-specific app Wotcha do not pull from OSIS. They build their databases from user contact uploads. Every person who has your number saved in their phone and uses one of these apps has effectively published it.
TrueCaller: Visit truecaller.com/unlisting and submit your number. Processing within 24 hours. Easiest of the lot.
Sync.me: Visit sync.me/unlist/ and enter your number. Straightforward, similar timeline.
Hiya: More friction. You need to create an account first, then submit a support ticket requesting removal. Allow a few days.
Wotcha: UK-specific caller ID claiming 99% recognition rate on UK numbers. Contact via the app to request removal.
The frustrating reality is that your number can reappear in these apps whenever someone with your contact details installs them or syncs their address book. There is no permanent opt-out. I check client numbers against these apps quarterly as part of ongoing digital footprint monitoring, and re-listings happen more often than people expect.
Register with TPS and MPS
The Telephone Preference Service at tpsonline.org.uk is the one registration with legal teeth. Under PECR 2003, it is a criminal offence for any organisation to make unsolicited marketing calls to a TPS-registered number without prior consent. Register both your landline and mobile. Free. Allow 28 days for activation.
The Mail Preference Service at mpsonline.org.uk covers personally addressed postal marketing. It is self-regulatory rather than statutory, with 5.4 million people registered. If your phone number appears alongside your address in broker databases (which it almost always does), postal marketing follows the same data trail.
If you have a business line, register it with CTPS at ctps.org.uk as well. Same 28-day activation period.
TPS registration does not stop all calls. Overseas call centres, scammers, and companies claiming “existing business relationship” exemptions will still get through. But it gives you a legal basis to report violations to the ICO, and fines for PECR breaches now reach up to 17.5 million pounds under the Data Use and Access Act 2025.
Why “just go ex-directory” is bad advice for anyone with real exposure
The standard guidance to go ex-directory and move on is actively misleading for anyone with a genuine security concern. I have assessed individuals who went ex-directory years ago and still found their phone number in seven or eight separate sources. LexisNexis and GBG, the commercial verification platforms that feed skip tracers and debt collectors, retain phone numbers independently of OSIS. LiveRamp links phone numbers to identity graphs covering 45 million UK consumers. Breach databases hold phone numbers from historic data leaks that no suppression request can touch.
For high-net-worth individuals and public figures, a phone number is not just a contact detail. It is an authentication factor (SIM swap fraud surged 1,055% in 2024 according to Cifas), a social engineering vector, and a key that unlocks further data through reverse lookup tools. A motivated individual with your mobile number can cross-reference it against breach records for 5.50 pounds on Dehashed, identify your email addresses, map your associated accounts, and build a profile of you within an hour.
The monitoring cadence after suppression
Phone number suppression is not a one-time project. The 90-day re-scrape cycle that affects data broker removals generally applies here too. Caller ID apps re-ingest contact uploads continuously. New breach dumps surface on Telegram channels weekly.
At minimum, search your own number every quarter (in multiple formats: with country code, without, with spaces, without) across Google, 192.com, and TrueCaller. If you are managing compound exposure across multiple family members, properties, or business entities, that monitoring burden scales fast.
Where phone suppression fits in the wider picture
The five-step process handles the visible directory layer. But your phone number also sits in credit reference agency records, insurance databases, loyalty programme profiles, and dozens of commercial data brokers you have never interacted with directly. Experian Marketing Services, CACI, and TransUnion all hold phone numbers as part of their consumer profiles, each with separate opt-out processes.
If your exposure is limited to a few directory listings, the five steps will get you most of the way in an afternoon. If you are a director with Companies House filings, properties in your name, and a public-facing role, your phone number is embedded in a web of interconnected databases that requires a full digital footprint assessment to map properly.
For anyone in that second category who wants to understand the full scope, get in touch. I will tell you exactly where your number appears and what it takes to suppress it across every source.
