• Home
  • Contact Details
  • 8 Data Protection Principles
  • Sensitive Personal Data
  • Policy
  • Legislation
  • Guidance
  • Rights of data subjects
  • Subject Access Requests
  • Data Security Breach Management
  • Access to Examination Records
  • CCTV and Data Protection
  • Disclosure to the Police
  • Verification of Qualifications
  • Requests for References
  • Film and Photography
  • HESA Annual Return
  • Info. Request Forms
  • Scottish Social Work Council
  • Data Protection and Research
  • Data Protection and CampusMoodle
  • Register of Notifications
  • Students' Personal Information
  • Data sharing within RGU
  • Transfer of data outside RGU
  • Data held by Hobsons PLC
  • TAS and Data Protection
  • SMS Text Messaging
  • Records Management
  • Freedom of Information

Subject Access Requests

What is a Subject Access Request?

Under the Data Protection Act (1998), individuals (i.e. data subjects) have a right to know what data is held about them at RGU and a right to access their personal data.

Data subjects exercise this right to know and access by submitting a "Subject Access Request" to the University.

The Act specifies that all requests for Subject Access must be made in writing, for example by letter or via a completed "Personal Information Request Form":

• Link to Personal Information Request Form

The request must be accompanied by some form of identification, for example, a copy of the data subject's passport or driver's licence.

The completed Subject Access Request should be sent to a specific person at at the University.

Alternatively, please send completed Subject Access Requests to:

Mr Keith G Fraser
University Records Manager
Records Management (IT Services)
The Robert Gordon University
St Andrews Street
ABERDEEN
AB25 1HG

How to respond to Subject Access Requests

The following flowchart illustrates how these requests should be processed by RGU staff:

Flowchart: Responding to Subject Access Requests

Further information on RGU's procedure in handling these requests can be found in the University's Data Protection Policy (Appendix B):

• Procedure for responding to Subject Access Requests at RGU

Please note that this procedure applies to all Schools and Departments and every University staff member should be made aware of it

Points to note:

• The University must comply within 40 calendar days of receiving a validated request

• It is recommended that Keith Fraser, the University Records Manager, is notified of any Subject Access Requests received by RGU. This is to ensure that the University complies fully and consistently with the Data Protection Act. Keith can be contacted on 262882 and at k.fraseratrgu.ac.uk

• Subject Access Requests do not have to mention the "Data Protection Act"

• The personal data provided to the data subject must be in an intelligible form. If it contains codes or abbreviations, these should be explained

• It is a criminal offence to alter, deface, block, erase, destroy and conceal personal data to prevent access

• RGU does not have to levy a fee. However, it may charge £10, which is the standard fee set by the UK Information Commissioner

• In the case of a refusal a Data Subject has a period of One Calendar month in which to lodge an appeal or a request for a review with the University.

• Return to Top

Last updated 09.09.10(KGF)

Disclaimer | Freedom of Information | Copyright ©2013 Robert Gordon University, Schoolhill, Aberdeen, AB10 1FR, Scotland, UK: a Scottish charity, registration No. SC013781

  rgu.ac.uk | Search