Subject Access Requests
What is a Subject Access Request?
Under the Data Protection Act (1998), individuals (i.e. data subjects) have a right to know what data is held about them at RGU and a right to access their personal data.
Data subjects exercise this right to know and access by submitting a "Subject Access Request" to the University.
The Act specifies that all requests for Subject Access must be made in writing, for example by letter or via a completed "Personal Information Request Form":
The request must be accompanied by some form of identification, for example, a copy of the data subject's passport or driver's licence.
The completed Subject Access Request should be sent to a specific person at at the University.
Alternatively, please send completed Subject Access Requests to:
Mr Keith G Fraser
University Records Manager
Records Management (IT Services)
The Robert Gordon University
St Andrews Street
How to respond to Subject Access Requests
The following flowchart illustrates how these requests should be processed by RGU staff:
Further information on RGU's procedure in handling these requests can be found in the University's Data Protection Policy (Appendix B):
Please note that this procedure applies to all Schools and Departments and every University staff member should be made aware of it
Points to note:
- The University must comply within 40 calendar days of receiving a validated request
- It is recommended that Keith Fraser, the University Records Manager, is notified of any Subject Access Requests received by RGU. This is to ensure that the University complies fully and consistently with the Data Protection Act. Keith can be contacted on 262882 and at k.fraseratrgu.ac.uk
- Subject Access Requests do not have to mention the "Data Protection Act"
- The personal data provided to the data subject must be in an intelligible form. If it contains codes or abbreviations, these should be explained
- It is a criminal offence to alter, deface, block, erase, destroy and conceal personal data to prevent access
- RGU does not have to levy a fee. However, it may charge £10, which is the standard fee set by the UK Information Commissioner
- In the case of a refusal a Data Subject has a period of One Calendar month in which to lodge an appeal or a request for a review with the University.
Last updated 09.09.10(KGF)