Trinity Information » College Policies » Data Protection Policy
Approved by the Board on 2nd March, 2005.
On this page:
- 1. Introduction
- 2. Purpose of this policy
- 3. Principles of data protection legislation
- 4. Responsibility
- 5. Procedures and Guidelines
- 6. Review
The University of Dublin, Trinity College needs to collect and use personal data (information) for a variety of purposes about its staff, students and other individuals who come in contact with the College. The purposes of processing data include the organisation and administration of courses, examinations, research activities, the recruitment and payment of staff, compliance with statutory obligations, etc. Data Protection legislation safeguards the privacy rights of individuals in relation to the processing of personal data. The Data Protection Act 1988 and the Data Protection (Amendment) Act 2003 confer rights on individuals as well as responsibilities on those persons processing personal data. Personal data, both automated and manual, are data relating to a living individual who is or can be identified, either from the data or from the data in conjunction with other information.
This policy is a statement of the College’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection legislation.
The College undertakes to perform its responsibilities under the legislation in accordance with the eight stated data protection principles outlined in the Acts as follows:
- 1. Obtain and process information fairly. The College will obtain and process personal data fairly in accordance with the fulfilment of its functions and its legal obligations.
- 2. Keep it only for one or more specified, explicit and lawful purposes. The College will keep data for purposes that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes.
- 3. Use and disclose it only in ways compatible with these purposes. The College will only use and disclose personal data in ways that are necessary for the purpose/s or compatible with the purpose/s for which it collects and keeps the data.
- 4. Keep it safe and secure. The College will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of the data and against their accidental loss or destruction. The College acknowledges that high standards of security are essential for processing all personal information.
- 5. Keep it accurate, complete and up-to-date. The College will have procedures that are adequate to ensure high levels of data accuracy and completeness and to ensure that personal data is kept up to date.
- 6. Ensure that it is adequate, relevant and not excessive. Personal data held by the College will be adequate, relevant and not excessive in relation to the purpose/s for which they are kept.
- 7. Retain it for no longer than is necessary for the purpose or purposes. The College will have a defined policy on retention periods for personal data and appropriate procedures in place to implement such a policy.
- 8. Give a copy of his/her personal data to an individual, on request. The College will have procedures in place to ensure that data subjects can exercise their rights under the data protection legislation.
The College has overall responsibility for ensuring compliance with data protection legislation where it is the controller of personal data. However all employees and students of the College who collect and/or control the contents and use of personal data are individually responsible for compliance with the data protection legislation. The College will provide support, assistance, advice and training to all departments, offices and staff to ensure it is in a position to comply with the legislation. The College has appointed an Information Compliance Officer who will assist the College and its staff in complying with the data protection legislation.
The College is committed to ensuring the protection of the privacy of personal data and in order to assist in the College’s compliance with the data protection legislation will provide best practice guidelines and procedures in relation to all aspects of data protection.
This policy will be reviewed regularly in light of any legislative or other relevant indications.