GDPR and the DPA (the data protection laws) give individuals a right of access to the personal data which organisations, in this case UWTSD, holds about them, subject to certain exemptions. A request for access to personal data is known as a subject access request (SAR). This page explains how to submit a subject access request to the University, how we will handle your request, and your right to complain if you are dissatisfied with the response.
- Submit your Subject Access Request Form with as much information as possible to enable us to locate your information. If, for example, you only want Personal Data relating to your academic record, you should indicate that. A general request such as "please send me all of the Personal Data which you hold about me" is likely to lead us to contact you for further information or clarification. We require proof of ID when you submit your SAR to ensure that we are releasing Personal Data to the correct person.
- Once the SAR form is received by the University’s Data Protection Officer and the information requested has been confirmed we will begin the process of contacting relevant colleagues and collating the information.
- We review the information we have received to ensure it does not contain the personal data of any other individuals (third parties) which needs to be redacted (removed) as it is not relevant to your request. We will inform you of any redactions in our covering letter/email. We will endeavour to supply all information within the appropriate timeframe (a calendar month or less). Please be aware the review of a large SAR (in terms of volume of paperwork) can be significant and time consuming, and we may request more time to enable us to complete the work.
- Once the information has been reviewed we will contact you and confirm the details for releasing it to you. If you have any queries regarding your requested information, then you will be able to raise these with us via email@example.com
- It is important that we do not retain your personal data for any longer than is necessary and information will be deleted in accordance with the University’s record retention schedule.
- If you are dissatisfied with the response to the subject access request you may request a review :
All reviews must be made in writing to:
The Data Protection Officer
University of Wales Trinity Saint David
Swansea Business Campus
High Street, Swansea
Or by e-mail: firstname.lastname@example.org
The review is conducted by a senior UWTSD member of staff (“the reviewer”)
In order to progress your review as quickly as possible, please quote the request reference number (D20/xx) and the date of your original request, as well as details of why you are making the review. Please include full contact details including a phone number where possible, in case we need to contact you during the review process. Receipt of your review will be acknowledged in writing. Following the review, you will be provided with a response from the reviewer containing the outcome and subsequent actions where appropriate as taken by UWTSD
If you are not content with the outcome of the review, you have the right to appeal directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:
Information Commissioner’s Office