Skip navigation

Right to Data Portability

Art. 20 GDPR The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided”

 

Data Portability strengthens the data subject’s rights to control over their personal data, as GDPR provides the right to receive back some of the information held about them in a structured, commonly used and machine-readable format (for example CSV files).

The purpose of this right is for the data subject to be able to transmit the data to another data controller without hindrance.

When does it apply?

Data Portability does not apply to all processing activities. A data subject has the right to receive back from the University the personal data which he or she has provided directly to us where:

  • the processing is based on consent or on a contract; and
  • the processing is carried out by automated means (i.e. electronically processed only)

 

The definition of “provided directly” includes: 

  • Data actively and knowingly provided by the data subject, for example, mailing address, user name, age, etc
  • Observed data “provided” by the data subject by virtue of the use of the service or a device. They may for example include a person’s search history, traffic data and location data.
    • It may also include other raw data such as the heartbeat tracked by fitness or health trackers.

When doesn't it apply?

The right to data portability does not apply where:

  • The processing is based on any legal grounds other than consent or contract.
  • Where the personal data is provided via a third party (UCAS, external parties etc)
  • Where the personal data was provided in an non electronic format (paper forms) and entered into an automated system
  • Where the personal data has been generated by the University from other data held about the data subject
  • Where data has been anonymised

 

How long does the University have to comply?

Without any undue delay and certainly no longer than a month from the date of request.

Can timescale be extended?

 

Yes – if the request is complicated, we can extend for a further two months, but we will let you know if this is the case within the original timescale

Is there a fee?

 

No

What if the University doesn’t comply?

If the University fails to provide a response to your satisfaction, you should raise complaint with the University Data Protection Officer dp.officer@northumbria.ac.uk

If you remain dissatisfied, you may request the ICO to undertake the judicial review:

  • If the ICO does not agree with the University, this may result in us being instructed to make the rectification as originally requested, either in full or in part. We will do this within one month of the ICO notifying us.
  • If the ICO agrees with the University, the note will remain on your account but no further action will be taken and no changes will be made to the data.

How do I request data?

You may submit a request for portable data in a number of different ways, including via telephone or in person, but for it to be considered a valid request, it must be clear what data you are requesting

 

We would encourage you to submit a request in writing wherever possible as this will be as much for your own befit as ours, as it will:

 

  • Provide a clear audit trail as to when you submitted your request.
  • Ensure that both you and the University have a clear record of what you have requested.

Requests should clearly state what data you are requesting along with when and where it was provided by you (i.e. the web form you submitted it through, the activity you were undertaking when you provided it etc). If it is unclear what you are requesting, you will be asked to clarify.

 

Requests can also be submitted to the University Data Protection Officer:

 

T:  +44 (0)191 243 7357

E:   dp.officer@northumbria.ac.uk

P: Vice-Chancellor’s Office, Legal Services Team, Northumbria University,  Ground Floor, Pandon Building, Newcastle upon Tyne, NE1 8ST

Proof of Identity

To make sure that someone doesn’t request us to erase your data illegally, we will ask for proof of your identity. Acceptable proof of identity shall be any of:

 

  • A copy of Photographic ID such as passport, driving licence or Student ID
  • Birth Certificate.
  • Two utility bills or bank statements (with redacted transactions) containing a full address of less than 3 month sold.

 

Please note that originals are not required, but can be scanned and sent in via email or they will be copied if presented in person. The University will refuse a request if we do not have evidence that the requestor is entitled to access the information


+

Northumbria Open Days

Open Days are a great way for you to get a feel of the University, the city of Newcastle upon Tyne and the course(s) you are interested in.

Research at Northumbria
+

Research at Northumbria

Research is the life blood of a University and at Northumbria University we pride ourselves on research that makes a difference; research that has application and affects people's lives.

+

Order your prospectus

If you would like to know more about our courses, or life in general as a student at Northumbria, then we can help you.

Latest News and Features

More news

Back to top