Information Management

Data protection

The Data Protection Act 1998 gives people the right to know what information is held about them, and require the University to ensure that personal information relating to living individuals is handled properly, held in confidence and is protected from inappropriate disclosure to third parties.  The Information commissioner can impose fines of up to £500,000 on organisations for breaching the Act and serious breaches may also see individuals involved being prosecuted.  

Data Protection at the University of Surrey

The University of Surrey holds and processes information about many different types of people such as its current, past or prospective employees, applicants, students and alumni.  It also processes personal information for a variety of reasons.  The University may also be required by law to collect and use certain types of personal information to comply with statutory requirements.

More information on how the University collects and uses personal information can be found in the Notification made to the Information Commissioner's Office or in the relevant Privacy Notice.  

Everyone who collects and manages personal information at the University of Surrey must do so in a way that complies with the University's Policy on Data Protection and with the 8 principles of the Data Protection Act 1998.

Advice and guidance on aspects of data protection is available from the Information Compliance Unit.  Please email us with any questions you may have.

Subject access requests 

Under the Data Protection Act 1998 you have the right to ask the University whether it holds your personal information and to see a copy of that information.  This process is called a Subject Access Request.  

If you would like to make a Subject Access Request to access copies of data held about you, please print off and complete the Subject Access Request form above. 

Completed forms should be sent to the following address:

Information Compliance Unit
Old Estates Building
University of Surrey

The University will not process any request until it has received a cheque for £10 and proof of identity, such as a photocopy of a drivers licence.  

We can only release copies of personal data to the data subject (the person who the data is about).  We will not release it to any third parties unless we have the written consent of the data subject. 

Minor day-to-day requests for information and corrections can be taken up with your department or the Registry.  You are able to check and amend some data through the student records system