Accessing your personal information Accessing your personal information

The Data Protection Act entitles individuals - or those acting on their behalf - to request access to personal information the University may hold about them, and to find out how the University uses and shares their data.  This is known as a Subject Access Request.

How to make a Subject Access Request How to make a Subject Access Request

Subject Access Requests received by the University are handled by the Strategy, Policy & Compliance team. Before you submit a request it may help to read the guidance on requesting personal data from the Information Commissioner's Office.

When you are ready to submit your request, remember to include:

  • A clear explanation of the data you require. Requests must be in writing. Where possible, include dates and names of individuals or departments who you think may hold your personal data. Our Subject Access Request form can be used if preferred.
  • The £10 fee. Cheques should be made payable to The University of East Anglia. We do not currently accept card payments. Cash payments can be made in person only. If you wish to make a bank transfer, please notify dataprotection@uea.ac.uk in advance. 
  • Scanned copies of two documents as proof of identity (e.g. passport, birth certificate, driving licence or campus card).

Requests can be emailed to dataprotection@uea.ac.uk or posted to: the Information Policy and Compliance Manager (data protection), The Library, UEA, Norwich, NR4 7TJ.

What happens to a request What happens to a request

On receipt of all relevant documentation the Information Policy and Compliance Manager handling the request will contact the appropriate departments to obtain the data you have requested. In order to locate the correct information we may ask you to give further details of the types of data, or where you believe the data is being stored.

We will consider the rights of third parties whose information is included in the material you have requested. If possible, data about third parties will be anonymised prior to the information being released. If this is not possible, we will seek consent of the third party to release the information to you. Where consent cannot be obtained or is refused, we will consider whether it is reasonable to release the information in accordance with the Data Protection Act.

Some kinds of information are exempt from disclosure under the Data Protection Act. We will consider whether any exemptions apply before providing our response.

Our response will be provided within 40 calendar days of receipt of the written request, fee, ID and all information required to locate your data. Our response can be provided in digital or paper copy.