Your Rights
Data protection is a fundamental right as set out in Article 8 of the EU Charter of Fundamental Rights.
The GDPR provides the following rights for individuals. Click on each one for further information.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Trinity College has developed a Data Subject Rights Request Procedure to assist individuals who wish to exercise their rights under GDPR. It is important to note that these rights are not absolute and may be subject to exceptions.
How to Make an Access RequestFurther information and support, including the right to lodge a complaint with the Data Protection Supervisory Authority is available here.
Right to be Informed
Article 12 GDPR. Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under GDPR and can be achieved by providing individuals with a Privacy Notice which clearly explains the purposes and means of processing at the point of data collection. The information should be concise & transparent and must use clear and plain language. To assist staff and students, Trinity College has developed a PRIVACY NOTICE TEMPLATE which should be used when collecting personal data. For further support please contact dataprotection@tcd.ie.
Right Of Access
Article 15 GDPR. Individuals have the right to access their personal data that is under the control of Trinity College. Responses to access requests will be issued within one month unless an extension is required.
To access your personal data:
- Complete the Data Access Request Form - please give as much information as possible about the data you wish to access.
- Include ID (e.g. a copy of your passport, drivers licence or staff/student ID card) with your application.
- Send the form to the Data Protection Officer at dataprotection@tcd.ie.
Right to Rectification
Article 16 GDPR. Individuals have the right to request rectification of their personal data, including the correction or errors and the updating of incomplete information.
Right to Erasure
The right to erasure – also known as the right to be forgotten – allows a data subject to stop all processing of their data and request their personal data be erased (Article 17). This right is subject to certain conditions.
Right to Restrict Data Processing
Individuals, under certain circumstances, can request that all processing of their personal data be restricted (Article 18). This right is subject to certain conditions.
Right to be Informed
Individuals must be informed about the uses of their personal data in a clear manner and be told the actions that can be taken if they feel their rights are being impeded (Article 12).
Right to Data Portability
A data subject can request that their personal data file be sent electronically to a third party. Data must be provided in a commonly used, machine readable format, if doing so is technically feasible (Article 20).
Right to Object
If a request to stop data processing is rejected by a data controller, the data subject has the right to object to their Article 18 right being denied (Article 21).
Right to Reject Automated Individual Decision-Making
Individuals have the right to refuse the automated processing of their personal data to make decisions about them if that significantly affects the data subject or produces legal effects – profiling for example (Article 22).
How to Make an Access Request
Under data protection law, you may receive a copy of any personal data about you that is held by Trinity College. If you wish to make a request for access to your personal data, please follow these steps:
- Complete the Data Access Request Form - please give as much information as possible about the data you wish to access.
- Include proof of identity (e.g. a copy of your passport, drivers licence or staff/student ID card) with your application.
- Send the form to the Data Protection Officer at dataprotection@tcd.ie.
Responses to access requests will be issued within one month as required under the GDPR.
If you are not satisfied with the response to your request you should notify the Data Protection Commission.
For further information on how to exercise your rights under data protection please contact the Data Protection Officer at:
Data Protection Officer Secretary’s Office Trinity College Dublin Dublin 2 dataprotection@tcd.ie