Guide to data subject rights

This guide explains your rights under the General Data Protection Regulation (GDPR) and the accompanying Data Protection Act 2018 in relation to personal data that is processed by the University.

General conditions applicable to the exercise of your rights

  • We will facilitate the exercise of your rights.
  • We may request additional information in order to identify you.
  • We will not take any action to facilitate your request if we can demonstrate that we cannot identify you.
  • Where your request is in electronic form, unless you request otherwise and where possible, the information will be provided to you in electronic form.
  • We will keep you informed of any action taken by us normally within one month from your request. Where this is not possible due to complexity or number of requests, we may extend this by a further month but we will let you know within the first month if this is the case.
  • Where we do not take action, we will inform you within one month of your right to complain to Information Commissioner’s Office (ICO)
  • We will not charge a fee for the exercise of your rights though may charge for any additional copies of your data that you request.
  • Where we can show that your request is unfounded, excessive or repetitive we may charge an administrative fee or refuse to act on your request. 

Your data subject rights

Legal basis of processing

As you have seen in the section above “your data subject rights”, the legal basis for processing in many cases determines the scope of your rights. There are seven conditions which the University relies upon to enable it to process your data.

Frequently used terms

Throughout this guide, the following terms have the following meaning: