About- banner -3 About- banner -1 About- banner -2

Data Subject Rights

Note: "Section numbers" below are those of the Data Protection Act. Hyperlinks are inserted for the convenience of the small number of members of staff who need to refer to the Act directly.

The rights of Data Subjects are:

  • to have their personal data processed fairly and lawfully (according to the First Data Protection Principle: this includes being told the purposes of processing);
  • to have access to their personal data by making a Data Subject Access Request (Section 7);
  • to object to processing of their personal data which:
    • is likely to cause damage or distress (Section 10) (except in specified circumstances such as a legal obligation on the Data Controller)
    • is being undertaken for Direct Marketing purposes (Section 11)
    • relates to important automated decision-taking (Section 12) (Relevant processing at Goldsmiths includes some examination marking by optical mark reader);
  • to receive compensation for failure by the Data Controller to process his or her personal data according to the provisions of the Data Protection Act (Section 13);
  • to require rectification, blocking, erasure or destruction of inaccurate personal data (Section 14);
  • to request the Information Commissioner to assess whether his or her personal data is being processed according to the provisions of the Data Protection Act (Section 42).

Rights of Data Subjects may be waived by specific Exemptions in the Data Protection Act. (For example, by criminals are not able to access their personal data held by the Police in the course investigating their crimes.)

It should be noted that, since the Data Subject has a right to object to certain kinds of processing of personal data, it follows that the Data Controller has a responsibility to make him or her aware that this processing is occurring. This has implications for the construction of Fair Processing Notices.

If a Data Subject objects to the processing of personal data, this does not necessarily mean that the Data Controller must cease processing. It does mean that the complaint must be formally investigated and a response given, which will then be subject to investigation by the Information Commissioner if the Data Subject exercises his/her right to request an assessment.

Content last modified: 03 Oct 2014

Goldsmiths, University of London, New Cross, London, SE14 6NW, UK
Telephone: + 44 (0)20 7919 7171

Goldsmiths has charitable status

© 2000- Goldsmiths, University of London. Copyright, Disclaimer and Company information | Statement on the use of cookies by Goldsmiths