2. Divisional, Centre, Institution or Departmental Level – This is where the information
relating to the request is gathered. Staff should respond to the Info Rights team with
the information, confirmation that they do not hold the information, and/or an indication
of where redactions or exemptions may be needed, within 21 days of receiving the request
from the team. The actions below are guides to follow; for certain requests, information
may be sitting in more than one data store.
2.1. Acknowledge receipt of subject access request
2.2. System check for staff name or LSE email address or student number, e.g. SITS for
students and HR for staff
2.3. Conduct searches. Below are the likely data stores; however, this list is not
exhaustive, and any store where documents, emails and other information containing
personal data are held will be potentially searchable, including personal email and cloud
storage accounts where School-related business information is stored. Use of non-School
stores does not mean that personal data is not recoverable; what matters is that the
School is data controller for the information, which it will be for any personal data
processed on behalf of the School.
1. Cloud – Barclaycard, Doodlepoll, EvaSys, Issue Trak, MailChimp, Moodle, Office 365,
OneDrive, Qualtrics, QuickBooks, Salesforce, Sugar Sync cloud storage,
SurveyMonkey, VN (bytemark.co.uk), CMG Cloud and other cloud services
2. Drive – C, P, H, J, K, O, R, S, X, D, USB pen drive, ICEF drive and Google Drive
3. Electronic storage offsite, PaaS platform (heroku.com)
4. Physical storage – Department noticeboards, staff and student common room
5. SharePoint, Dropbox, Google server (TLC), Guestline data centre
6. LSE archive in Wincanton
7. LSE for You
8. LSE hosted database
9. LSE Slough Data Centre
10. IMT Oracle Table
11. Training and development system
12. ThinkPad x250 (internal ssd)
13. SONA system, E REC system
14. School listserv, Resource Link, Poppulo, Nextcloud (Secure server at Bielefeld Uni)
15. CMS, Aptos, Contensis, WPN
16. Diversity Travel
17. Economics server, Unit-e servers
18. Elsevier Electronic Editor System (EES)
19. Email, Engage ATS, Eventbrite, Evernote
2.4. Raise any issues with Info Rights team (not shown on the process flow chart). See
Appendix 3 for usual issues that arise.
2.5. For certain requests, some information needs to be provided to the data subject; see
Appendix 1 for more information and the requirements
2.6. Provide information to the Info Rights team
2.7. The flow chart below describes the full process to follow. Right to Erasure requires
Info Rights team input and authorisation for deletion before an individual's data can be
forgotten or erased.
2.8. Automated decision-making and profiling, as sectioned out in red on the flow chart,
requires physical action that may involve another member of staff or an external body.
Therefore, it is advisable to include the respond-by date to avoid any delay.