Recently we had our first official request for information from a serving member of staff. This flagged up how unprepared we were to deal with such a request. Lucky for us the staff member is working with us to help prepare a better policy for such requests. The whole process has thrown up a number of questions along the lines of "how do other universities deal with this?". Any help or experience that you can bring to bare on these questions would be greatfully recieved.
1. When a request comes in do you assemble a folder of information to send back to the requestee via the data protection officer (or another) or does each data controller contact the requestee individually to send data ?
2. If you send a folder, is this folder assembled through the data protection officer or through another person ?
3. Does your data protection officer work in the IT or the Human Resources/Personnel department (or another department) ?
4. What level of information would you give to a requestee. Is it literally every email/payslip/room booking/expense form that your organisations has that refers to the requestee, or have you agreed that only certain documents are included ?
Thanks for your time,
University College Chichester
All archives of messages are stored permanently and are
available to the world wide web community at large at
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
(all commands go to [log in to unmask] not the list please)