FAQs and Glossary
FAQs - Health Research Regulations
What is the purpose of the Data Protection Act?
Data Protection aims to protect individuals' right to privacy in regard to the processing of their personal data by those who control such data. Key rights that you have under the Data Protection Act include the right to access to your data and receive information about the personal details that Trinity holds about you, the right to alter or remove data in certain circumstances and the right to have your details used in line with Data Protection regulations.
What data is held by Trinity and why does it hold this data?
Trinity is a data controller of the personal data of over 20,000 staff and student data subjects, as well as thousands of data subjects for the purposes of research. Trinity holds a wide range of data in order to perform a variety of functions, and where the data is held depends on the purpose it is being held for. For example:
- Staff and student records are kept (in e.g. Academic Registry, Human Resources) for administrative purposes
- Financial records are kept (in e.g. Financial Services Division) in order to process payment of wages
- Some research projects involve the collection of participant data
What steps does Trinity take to ensure that my data is secure?
Trinity takes its obligations to keep your data secure very seriously. All members of the University community must abide by the Data Protection Policy, Data Protection Procedures and IT Security policy. There are clear procedures in place in the event of a personal data security breach and Trinity also provides training and guidance to staff members to minimise the likelihood of such breaches taking place.
Who has access to my data?
Only staff who have a legitimate need to access data in the performance of their professional duties will have access to your personal data. Many Trinity services, such as Student Counselling, College Health, Employee Assistance Programme and the Tutorial Service, are confidential and are bound by their own codes of ethics.
Student data will only be given to third parties in certain limited circumstances - see the Data Protection Procedures for further details. Students are informed about, and must consent to, such disclosures prior to registration each year.
How can I access my personal data?
In most cases, the department holding your personal data will be able to supply you with a copy of the relevant records if you make an informal request directly to them. However, if you are unable to get access to your data in this way, you are entitled to make a personal data access request to the University.
What should I do if there has been a data breach in my area?
Please see our webpage on procedures for personal data security breaches for further details.
- Automated Data - data stored in digital form, e.g. on a computer
- Data - information in a form that can be processed
- Data Controller - a body that processes and controls personal data
- Data Processing - performing any operation on data, e.g. obtaining, storing, consulting, altering, destroying or disclosing data
- Data Processor - a body that processes personal data on behalf of a data controller
- Data Protection Commission - the Irish Supervisory Authority, independent of the Government, which oversees compliance with the terms of the Data Protection Act
- Data Subject - the person who is the subject of the data, i.e. the data is about that person
- Manual Data - data that is stored in hard copy, e.g. in paper files
- Personal Data - data relating to a living individual who can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the University
- Personal Data Security Breach (Data Breach) - when personal data is made available to one or more third parties without the consent of the data subject
- Personal Data Access Request (Access Request) - Under the Data Protection Act, you may receive a copy of any personal data about you that is held by Trinity College Dublin by making a Personal Data Access Request
- Sensitive Data - personal data of a particularly sensitive or private nature, e.g. health data