Why Tracesmart is harder to deal with than most UK data brokers
Tracesmart does not make removal easy. Unlike 192.com, which has a self-service opt-out form, Tracesmart has no prominent online removal tool. MoneySavingExpert forum users have described them as “not very helpful” with data deletion, and in my experience submitting removal requests to UK brokers, Tracesmart consistently takes longer and requires more follow-up than almost any other.
The reason is partly structural. Tracesmart is now a trading name of LexisNexis Risk Solutions UK Limited, one of the largest data analytics companies in the world. Your request goes into a corporate compliance pipeline, not to a small company with a webmaster who can flick a switch. That is not necessarily a bad thing. It means they have a formal process. But it also means there is no quick route.
What data Tracesmart holds
Tracesmart’s primary data sources are the open electoral register (editions from 2002 to 2013) and a proprietary dataset they call the Tracesmart Register.
From these sources, they may hold:
- Your full name
- Current and previous residential addresses
- Dates of residence at each address
- Names of other individuals registered at the same addresses
- Telephone numbers (where sourced from directory data)
Their service is sold primarily to businesses through a REST API. Debt recovery firms, solicitors, and corporate investigators use it to trace individuals. The data is not typically browsable by the general public in the way 192.com is, but that does not mean your information is not being accessed. It simply means you cannot see what they hold without asking.
This is a point I make repeatedly when advising clients through our data removal service. The brokers you can search yourself are only half the problem. The ones operating behind APIs, selling your data to businesses, are often holding older and more detailed records.
How to remove your data from Tracesmart
There is no online opt-out form. You need to submit a formal erasure request under UK GDPR Article 17 directly to LexisNexis Risk Solutions UK Limited.
Step 1: Identify the correct contact
Address your request to the Data Protection Officer at LexisNexis Risk Solutions UK Limited. Their registered office is at 1 Harlequin Office Park, Fieldfare, Emersons Green, Bristol, BS16 7FN.
You can also email their data protection team. Check the LexisNexis Risk Solutions UK privacy notice for the current contact address, as email addresses change more frequently than postal ones. The most up to date email from the time of writing this guide is dpo@lexisnexisrisk.com
Step 2: Write your erasure request
Your request should include:
- Your full name (including any previous names)
- Your current address and any previous addresses you believe they hold
- A clear statement that you are exercising your right to erasure under Article 17 of the UK GDPR
- A request for confirmation of deletion once completed
Keep it factual. You do not need to give a reason, but stating that the data is no longer necessary for its original purpose (Article 17(1)(a)) or that you object to processing under Article 21 strengthens your position. I covered the full details of these rights in the UK GDPR consumer guide, which is worth reading before you submit.
Step 3: Send the request and note the date
Send by email (for speed) and by recorded delivery post (for evidence). Note the exact date you sent it. The one-month response deadline starts the day after they receive your request.
Step 4: Follow up if they do not respond
If you hear nothing within 30 days, send a follow-up referencing your original request date and reminding them of the statutory deadline. If they still do not respond or refuse without valid grounds, you can complain to the ICO.
In my experience, LexisNexis usually responds within the deadline, but the response is not always a straightforward confirmation. They may ask for identity verification first, which is reasonable. They may also argue that certain data falls under an exemption. If they cite “legitimate interests” as a reason to refuse, remember that your right to object to direct marketing processing under Article 21 is absolute. There is no balancing test for that.
What Tracesmart removal does not cover
Even after a successful erasure, some exposure remains. Tracesmart sources much of its data from the open electoral register. If you have not opted out of the open register, your data will continue to appear in future editions that Tracesmart and other brokers purchase.
Opting out of the open register is a separate step. You can do this by re-registering at gov.uk/register-to-vote and ticking the opt-out box, or by contacting your local Electoral Registration Office. I have written extensively about this process and the wider picture of UK data removal.
Critically, opting out of the open register is not retrospective. Tracesmart legally holds data from editions they already purchased (2002 to 2013). Your Article 17 request addresses that historical data. The open register opt-out prevents future editions from including you. You need both.
Companies House is another source that Tracesmart’s parent company LexisNexis draws from. If you are a company director, your name and service address appear on the public register. Since January 2025, you can apply to suppress residential addresses from historical filings using Form SR01 (£30 per document). That is a separate process entirely from the Tracesmart removal.
Why I think Tracesmart is more important than most people realise
Most people who contact me about data removal start with 192.com. That makes sense. It is the most visible UK people-search site. But Tracesmart, operating behind the scenes through the LexisNexis infrastructure, is arguably more significant for anyone concerned about professional tracing.
Debt collectors, skip tracers, and investigators use Tracesmart’s API as a primary lookup tool. If someone is trying to find you, this is one of the first places they check. The fact that you cannot Google yourself on Tracesmart the way you can on 192.com creates a false sense of security.
I have investigated cases where an individual had successfully removed themselves from every public-facing people-search site but was still fully visible through API-based services like Tracesmart. The exposure was invisible to them until I mapped their full digital footprint as part of a professional investigation.
No automated removal service currently covers Tracesmart. Not Incogni, not DeleteMe, not any of them. This is a manual process, and it requires you to know who you are actually writing to (LexisNexis, not Tracesmart as a standalone entity). For UK consumers evaluating automated services, I have compared the options in detail in my guide to data removal services.
If Tracesmart refuses your request
If your request is refused, ask for the specific legal basis they are relying on to continue processing. They must provide this under Article 12(4). Common refusal grounds include:
- The data is necessary for establishing, exercising, or defending legal claims (Article 17(3)(e))
- They claim a legitimate interest that overrides your rights
For the first ground, they would need to demonstrate an active or anticipated legal proceeding. A general claim that the data “might be needed” is insufficient.
For the second, challenge them on the balancing test. Ask them to provide their Legitimate Interest Assessment (LIA). If they cannot produce one, their position is weak. You can escalate to the ICO or pursue compensation through the courts under DPA 2018 Section 168. The Farley v Paymaster ruling in 2025 confirmed that no threshold of seriousness is required for non-material damage claims.
If you are dealing with a complex removal situation or an active threat, get in touch directly. Some cases need an investigator, not a template letter.
