Sharing Personal Data
Data Sharing - Internal
Internal data sharing with colleagues within your own School, Unit or Institute or with colleagues from another area within the University should only be carried out using University IT systems and in accordance with University policies.
Before sharing data, considered the following:
- Is the sharing of personal data necessary?
- Is the minimum amount of data being shared?
- Is the data being shared with the appropriate recipient(s)?
- Are you satisfied that the appropriate control mechanisms are in place for the data at its destination?
Avoid sharing large quantities of data (e.g. spreadsheets) or confidential / sensitive data via email. Use Microsoft OneDrive or SharePoint where appropriate.
Data Sharing - Third Parties
Trinity College shares data with partner organisations and engages the services of third party processors for certain processing activities.
The University carries out contractual due diligence when forming such business relationships and utilises information security audits to identify, categorise and record personal data that is processed outside of Trinity College’s direct control, so that the data, processing activity, third party and legal basis are recorded, reviewed and easily accessible.
Such external processing and data sharing includes (but is not limited to):
- IT systems and services
- HR and Payroll services
- Partner institutes and organisations which take Trinity students on placement
- Access Control systems
- CCTV systems
Staff and students intending to transfer personal data to third party processors or sharing personal data with research partners should contact firstname.lastname@example.org for support.
Data Sharing - International Data Transfers
The GDPR imposes restrictions on the transfer of personal data to third countries or international organisations located outside of the European Economic Area (‘EEA’). These restrictions are in place to ensure that the level of protection and accountability afforded by GDPR is not undermined.
Personal data may only be transferred from Trinity College to entities situated outside of the EEA in compliance with the conditions for transfer as set out under Chapter V GDPR.
Staff and students intending to transfer personal data outside of the EEA, for example; using third party processors or sharing personal data with research partners should contact email@example.com for support.
EU Standard Contractual Clauses for data transfers between EU and non-EU countries - link to template clauses here.
European Data Protection Board - Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data. Version 2.0. Adopted on 18 June 2021 - link to text here.