Guidelines for Staff

This page is a summary guide to the most common data protection issues encountered by Trinity staff. For more detailed advice, please refer to the Data Protection Procedures.

Top Ten Tips for Staff (PDF)

Hard copies of this flyer are available on request from

Eight Rules of Data Protection

  1. obtain and process data fairly;
  2. keep data only for one or more specified and lawful purposes;
  3. use and disclose data only in ways compatible with the purposes for which it was initially given;
  4. keep data safe and secure;
  5. keep data accurate, complete and up-to-date;
  6. ensure that data is adequate, relevant and not excessive;
  7. retain data no longer than is necessary for the specified purpose or purposes;
  8. provide a copy of his/her personal data to any individual, on request.


  • If you have to share personal data in the course of performing University functions, make sure you only share the data with colleagues who need to know it.
  • If a parent / guardian of a student contacts you to request their son or daughter's personal data (e.g. exam results, registration details) you should not release that data unless you have the written consent of the student to do so.
  • If you are emailing more than one student at a time, you should always use the "Bcc" option to avoid sharing students' personal data (email address) with other students. Student email lists should not be shared with class reps or student societies. If a class rep wants to email all the students in their class, you could offer to forward the email on their behalf.
  • If you are unsure as to whether a particular set of data should be retained or disposed of, refer to the Records Management Policy and your area's own records retention schedules. The Data Protection Act does not specify timelines for records retention.
  • If a data breach occurs in your area, you should immediately contact the Information Compliance Officer. See Procedures for Personal Data Security Breaches for further details.