Skip to main content

Trinity College Dublin, The University of Dublin

Trinity Menu Trinity Search



You are here Information for Teaching and Professional Staff > GDPR

GDPR what is required in Schools

  • Only provide the information to those with a legitimate right to it and for the purposes of implementing Reasonable Accommodations
  • Ensure your School GDPR procedures include a section outlining how you manage disability data in SITS (See Disability Service Privacy Notice for an example of the level of information suggested here)
  • Set out a clear process for the dissemination of disability data and share it with all in the School who will have access to this data
  • Ensure all staff who have access to this disability data have completed the GDPR training provided by the Data Protection Office in Trinity
  • When downloading lists of students with reasonable accommodations password protect all downloads 
  • Store all lists securely in line with the University’s and your School GDPR procedures
  • Do not email unprotected lists of disability data
  • Do not send any protected data to non-Trinity email addresses

GDPR – what I need to know about disability data shared with Schools


Trinity encourages students with disabilities to disclose disability information on their disability/specific learning difficulty to the Disability Service before they apply to Trinity or at any point during their studies. Such disability disclosure is encouraged so that Trinity can work with the student in ensuring that any reasonable accommodation required is identified and facilitated in consultation with the student.

An electronic record of the student contact with Trinity is held securely in accordance with the Data Protection Act (1998-2003), and information provided to the Disability Service is regarded as ‘sensitive personal data’. Any documentation or information presented in disclosing a disability is held by the Disability Service, and specific medical or other documentation will not be disclosed to any third party, except where necessary to provide reasonable accommodations.

Where a student requests and is granted any form of reasonable accommodation, such as extra time in exams, or permission to record lectures, the Disability Service will, in consultation with the student, disclose relevant information to the individuals in those Schools responsible for providing or facilitating students in accessing such accommodations. Disability disclosure and reasonable accommodations are communicated via the LENS report in SITS – see link.


Trinity Consent to Disclose and Share Disability Information


All disability information is defined as sensitive personal data under GDPR and the Trinity Disability Services takes this very seriously. We spend significant time explaining disability disclosure and how we share disability data via the LENS to students. We encourage students to disclose a disability giving them confidence in knowing the reasonable accommodation process via the LENS dissemination to Schools works well. The Trinity Consent to Disclose and Share Disability Information form outlines:

  • Why we hold data
  • What data we share and who we share data with
  • How we store data

What is a LENS?

LENS dissemination to Schools

Trinity Disability Service from the 2018-2019 academic year will disseminate all reasonable accommodations via the LENS report in SITS, the student portal. Students with disabilities who register for disability supports will automatically have their supports communicated via the LENS in SITS.

Guidance on accessing LENS information in SITS is provided at the following link.

What is a data controller under GDPR legislation?


A data controller is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. Being a data controller carries with it serious legal responsibilities, so you should be quite clear if these responsibilities apply to you or your organisation. If you are in any doubt, or are unsure about the identity of the data controller in any particular case, you should consult your legal adviser or seek the advice of the Data Protection Commissioner.
More GDPR information is available at: https://www.dataprotection.ie/docs/Are-you-a-Data-Controller/y/43.htm and Trinity GDPR at https://www.tcd.ie/info_compliance/data-protection/gdpr/

Disability Data controllers – who is responsible in Trinity?


The Disability Service is responsible for determining reasonable accommodation as per the Trinity Reasonable Accommodation Policy and communicating these to the School in which the student is studying. The Disability Service is a data controller under GDPR.
Schools are responsible for implementing reasonable accommodation in their teaching and learning and assessments. For example, examination accommodation at departmental/course level will require School staff to extract exam accommodations from the list of reasonable accommodations provided in SITS. Schools are data controller under GDPR.

All Schools are expected to have effective dissemination processes in place for sharing LENS reasonable accommodation information only with the relevant staff in the School who require this information.

As data controllers Schools must ensure sensitive personal data is protected.

GDPR what is required

  • Only provide the information to those with a legitimate right to it and for the purposes of implementing Reasonable Accommodations
  • Ensure your School GDPR procedures include a section outlining how you manage disability data in SITS (See Disability Service Privacy Notice for an example of the level of information suggested here)
  • Set out a clear process for the dissemination of disability data and share it with all in the School who will have access to this data
  • Ensure all staff who have access to this disability data have completed the GDPR training provided by the Data Protection Office in Trinity
  • When downloading lists of students with reasonable accommodations password protect all downloads 
  • Store all lists securely in line with the University’s and your School GDPR procedures;
  • Do not email unprotected lists of disability data
  • Do not send any protected data to non-Trinity email addresses