Guidance and Data Protection

Policies and Guidance

How to access your Personal Data

Making a Subject Access Request

Under Data Protection legislation an individual has the right to access the information that an organisation holds about them. Accessing personal data in this way is known as making a Subject Access Request. (Subject Access Requests are different to requests submitted under FOI legislation, which relate to information about the organisation itself.)

You are entitled:

  • to be informed whether your personal data is being processed
  • to be sent a copy of your personal data subject to any applicable exemptions and the removal of other people's personal data as appropriate

Your subject access request to the University may be submitted in whatever format you wish.

When we receive your request, we will let you know the statutory deadline by which we will reply. If, on receipt of our response, you consider that the University has not dealt correctly with your request, please refer to our Data Protection Complaints Procedure.

Exercising other data protection rights

Under data protection legislation an individual has various other rights - please see our Corporate Privacy Policy for more information. These rights requests may be submitted in whatever format you wish, but we recommend that you email the Records Management Team to help us give a timely response to your request.

Role of the Data Protection Officer (DPO)

The role of the Data Protection Officer (DPO) is defined in the GDPR. The DPO at Anglia Ruskin University can be contacted via email or post:

Office of the Secretary and Clerk
Tindal Building,
Room 311
Anglia Ruskin University
Bishop Hall Lane Chelmsford

The main tasks of the Data Protection Officer are:

  • to implement the requirements of data protection legislation throughout the University;
  • to inform and advise the University and staff processing personal data of their obligations;
  • to monitor compliance, including the assignment of responsibilities, awareness-raising and training of staff, and related audits;
  • to provide advice where requested about data privacy impact assessments and monitor their execution;
  • to act as the contact point for the Information Commissioner's Office on issues related to personal data.

The DPO also works closely with the Records Management Team to provide day to day support for staff on data protection and freedom of information matters.

Data Protection Complaints Procedure

Anglia Ruskin University aims to comply fully with its obligations under the General Data Protection Regulations (GDPR). If you have any questions or concerns regarding Anglia Ruskin University’s management of personal data including your subject rights, please contact the Records Management Team, who are responsible for ensuring Anglia Ruskin University is compliant with the GDPR.

If Anglia Ruskin University holds inaccurate information about you, you should contact the Records Management Team explaining what the problem is and where appropriate provide her with any evidence to show what the information should say. Keep copies of the correspondence. If after a reasonable amount of time (28 days is recommended) the information has not been corrected, you can make a complaint.

If you feel that your questions/concerns have not been dealt with adequately please get in touch with us:

  • If you are a current, registered student at Anglia Ruskin University, you can make a complaint using Anglia Ruskin University’s Student Complaints Procedure.
  • If you are a member of staff or another individual, you should contact the Records Management Team.

If you remain unhappy with our response or if you need any advice you can contact the Information Commissioner’s Office (ICO) for information on how to make a data protection complaint.