Data Subjects' Rights

Data subjects have the following rights under the Data Protection Act:

To access their personal data

This allows individuals to find out what information is held about them by the University.

To correct information

This allows individuals to apply to a court to order a data controller to correct, block, remove or destroy personal details if they are inaccurate or contain expressions of opinion based on inaccurate information.

To prevent processing of personal data

This allows individuals to ask a data controller not to process information about them that causes them substantial or unwarranted damage or distress.

To prevent unsolicited marketing

This means a data controller is required not to process information about individuals for direct marketing purposes if the data controller has been asked not to.

To prevent automated decision making

This means individuals can object to decisions made only by automatic means.

To claim compensation

This allows individuals to claim compensation through the courts from a data controller in instances where damage and distress have been caused by any breach of the Act.

No third party access

Individuals have the right to expect that the University will not share their personal data with a third party without informing them, or in some cases without their consent, unless such access is in the vital interest of the data subject.

After the introduction of new data protection legislation in May 2018, the above rights will be enhanced and further clarified, and the following rights will be added:

The right to be informed (an obligation on data controllers to communicate transparently)

The right to restrict processing (a broader range of circumstances in which data subjects can require that processing is restricted)

The right to data portability (the right to transfer data between data controllers)

The right to object to processing (greater burden on data controllers to show that they have legitimate reasons for processing data, if there is an objection)

Rights in relation to automated decision making and profiling

For more detailed information regarding the applicability of these rights, see:

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/

Any requests or objections should be made in writing to the Data Protection Manager - infocompliance@aber.ac.uk

If you are not satisfied with the University’s response, or believe that the University is not processing personal data in accordance with the law then you may complain to the Data Protection Manager.

If the matter is not resolved and you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

www.ico.org.uk