GDPR – Data Subject Access Requests (SAR)
Under GDPR, indviduals (or their authorised representatives) have the right to make enquiries about the data the College holds on them. These are called Subject Access Requests.
There are two ways to make a Subject Access Request:
1. (Preferred and quickest) is to submit a request (and required proof of identity documents) online using our submission portal found at https://submit.bnc.ox.ac.uk - simply select the Data Subject Access Submission box.
2. Download and complete the SAR submission form from here and post it to:
The Data Protection Officer
- All Data Subject Access requests require proof of identity & address
- Will be responded to within one calendar month
- If submitting a data access request on behalf of someone else, proof of authorisation to do so will be required.
What can be Requested?
Individuals have a right to be informed by the College as to whether or not it is processing personal data that relates to them and, if so, to be told:
- What personal data it is being processed.
- The purposes for which the personal data is being processed.
- Who, if anyone, the personal data is disclosed to.
- The extent to which it is using the personal data for the purpose of making automated decisions relating to the data subject and, if so, what logic is being used for that purpose.
What information does the College hold about me?
The College has published a variety of documents as required by the GDPR (2016) that explain what data is held, for what reason, for how long and measures in place to protect it. All information relating to how the College processes data can be found at https://www.bnc.ox.ac.uk/privacypolicies
What is the College's procedure for Subject Access Requests?
The College's Subject Access Request Procedure can be found here.