Introduction

The EU-GDPR is now in force. It was transcribed into Irish law by the Data Protection Act 2018 on 24th May 2018. The regulation harmonises data protection law across member states albeit with some derogations permitted at the national level. The objective of the legislation is to address the challenges of an increasingly data driven society and whilst the Commission recognises the need for data to flow freely the rights of individuals must be protected in particular “ where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data”.

Accountability

All staff and students who process personal data have a responsibility to the individuals about whom they process that data and must be accountable for the data they use. All Schools and Units must have procedures that document and provide evidence of compliance with data protection legislation.

Obligations

All private and public organisations processing the personal data of individuals are required to comply with the principles and responsibilities of the legislation and give effect to the rights set out for individuals.

These include:

• Fair and lawful processing;

• Processing for specified, explicit and legitimate purposes;

• Minimisation, retention and security of personal data;

• Legal and contractual safeguards;

• Rights of access, rectification and notification;

• Right to object;

• Right to data portability;

• Data protection by design and default;

• Breach reporting and co-operation;

The University is responsible for ensuring the rights of students, staff and members of the public about whom personal data are processed are sufficiently protected.

If you have any queries relating to data protection and GDPR you can contact us at dataprotection@tcd.ie.