Data Subject Rights

The rights of data subjects under GDPR are set out in Chapter 3 of the Regulation.

There are eight fundamental rights under GDPR:

1. Right to Access Personal Data

Under GDPR, data subjects have the right to access their personal data that is processed by a data controller. The data controller must respond to that request within one month (Article 15 GDPR). This period may be extended to three months under certain circumstances.

2. Right to Rectification

Data subjects have the right to request rectification of their personal data, including the correction or errors and the updating of incomplete information (Article 16).

3. Right to Erasure

The right to erasure – also known as the right to be forgotten – allows a data subject to stop all processing of their data and request their personal data be erased (Article 17). This right is subject to certain conditions.

4. Right to Restrict Data Processing

Data subjects, under certain circumstances, can request that all processing of their personal data be restricted (Article 18). This right is subject to certain conditions.

5. Right to be Informed

Data subjects must be informed about the uses of their personal data in a clear manner and be told the actions that can be taken if they feel their rights are being impeded (Article 12).

6. Right to Data Portability

A data subject can request that their personal data file be sent electronically to a third party. Data must be provided in a commonly used, machine readable format, if doing so is technically feasible (Article 20).

7. Right to Object

If a request to stop data processing is rejected by a data controller, the data subject has the right to object to their Article 18 right being denied (Article 21).

8. Right to Reject Automated Individual Decision-Making

Data subjects have the right to refuse the automated processing of their personal data to make decisions about them if that significantly affects the data subject or produces legal effects – profiling for example (Article 22).

How to Make an Access Request

Under data protection law, you may receive a copy of any personal data about you that is held by Trinity College. If you wish to make a request for access to your personal data, please follow these steps:

  1. Complete the Data Access Request Form - please give as much information as possible about the data you wish to access.
  2. Include proof of identity (e.g. a copy of your passport, drivers licence or staff/student ID card) with your application.
  3. Send the form to the Data Protection Officer at dataprotection@tcd.ie.

Responses to access requests will be issued within one month as required under the GDPR.

If you are not satisfied with the response to your request you may contact the Data Protection Commission.

For further information on how to exercise your rights under data protection law please see our Data Subject Rights Request Procedure.