The General Data Protection Regulation (GDPR) provides data subjects with a number of data rights aside from the right of access.The Information Commissioner’s Office has published further information on these rights, which is available here. You may find it useful to read their guidance before submitting a request. If you would like to submit an individual rights request, such as the right to erasure, you can send your request by email to email@example.com.
Subject Access Requests (SARs)
Individuals have a right of access to any personal data held by a data contoller (in this case UCL).
What does it cost?
UCL does not charge a fee for Subject Access Requests.
Submit a SAR
To assist UCL in complying with the statutory timescales we will require such requests to made in writing and accompanied by formal identification.
If you wish to submit a request, you should do so by completing the form below:
Subject Access Request Form
This form will provide the university with the necessary information needed to deal with your request and should be sent by email to firstname.lastname@example.org.
University College London Hospitals NHS Foundation Trust (UCLH)
Sometimes confused with UCL, UCLH is a seperate legal entity to UCL. If you wish to submit a subject access request to UCLH, please refer to the website below:
Data that can be requested
The right of access gives individuals the right to obtain a copy of their personal data as well as other supplementary information. Personal data may include but, is not limited to information held within staff files, student record files, databases, interview notes, and e-mail correspondance which refers to the individual.
If you are an internal UCL staff member who has been contacted because you may hold information with regard to a data subject access request, please note that you will not be breaching data protection law by either searches of your mailbox being conducted or the results of those searches being reviewed.
There are some conditions under which a SAR can be refused:
Student Exam Feedback
Examination scripts, are specifically exempted from disclosure, under the subject access rights and it is UCL policy not to provide students with copies. This exemption, however, does not apply to any comments made by Examiners, which are included in the definition of “personal data”. Comments are the students' personal data, and they are entitled to view and receive copies of them. If the comments have been made directly onto the examination script, and the academic department decides not to make the full script available when requested, then the examiners' comments should be reproduced onto a separate sheet of paper. It is recommended that the examiners comments should be made on a separate sheet, rather than directly onto examination scripts.
There is nothing to prevent academic staff from meeting with students to provide feedback, including showing them the scripts, and, or providing the comments which they relate to. There is no restriction on providing copies of other kinds of written assessed work, and we strongly encourage academic departments to do this, rather than ask the student to make a formal subject access request for the information.
Students are therefore advised, in the first instance, to contact their academic department for this information.
Time-frame for compliance
UCL is required to communicate to the data subject request with the information it holds in an intelligible form without undue delay or at the latest within one month of receipt, starting from the day after the request is received, or the data on which proof of identification is received. If we process a large amount of information about an individual, UCL may ask the individual to provide additional information to help clarify their request.