About WIT Headers

Documents And PoliciesData Protection

Data Protection

***This area of the website is currently under review based on GDPR regulations***

General Data Protection Regulation 

The EU General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and replaces the Data Protection Directive 95/46/EC. From this date, GDPR, in conjunction with specific Irish law, will give more rights to the individual and will place more obligations on Waterford Institute of Technology (WIT), in terms of accountability and transparency, when using and storing personal data.

In undertaking the business of WIT, staff create, gather, store and process large amounts of data on a variety of data subjects including students (potential, current and former), staff, third parties and members of the public. Our use of personal data ranges from CCTV footage, financial transactions with commercial customers through to the processing a student’s details throughout their journey, from application through to graduation.

Policies Relavent to Data Protection

WIT is in the process of reviewing and updating policies inline with GDPR. The below list of documents will be availble shortly following the standard approval process. Please note this list is not exhaustive and additional policies will be added.


  • Data Protection Policy
  • Data Protection Procedures
  • Data Governance Policy
  • Data Handling & Clean Desk Policy
  • Data Protection Incident Response & Breach Notification Policy
  • Data Access Management Policy
  • Privileged User Policy
  • Data Retention Policy
  • Data Encryption & Data Anonymisation/Pseudonymisation Policy
  • Network Security Policy
  • Systems Development Life Cycle Policy
  • Information Security Policy
  • IT Architecture Security Management Policy 



Data Protection For Students                       Data Protection For Staff                            

Data Protection for Students                             staff GDPR                 


Data Protection for Website Users

website users



Click on the links below to view Privacy Notices


Website Users including Cookie Usage


GDPR What is GDPR?

The EU General Data Protection Regulation (GDPR) is here and requires Waterford Institute of Technology to comply with all regulations. It replaces the Data Protection Directive 95/46/EC. It has been designed to standardise data protection laws within the EU and to give greater power to data subjects.

The GDPR rules & regulations apply to all individuals the Institute proceses data on.


What it Means for WIT?

An enhancement of regulations around the current practice of data protection (see Processing Principles tab).

What are The Main Areas of Change?

  • Changes to consent requirements
  • Increased rights for data subjects
  • Increased obligations on organisations with regard to accountability and transparency 
  • Mandatory breach reporting to the Data Protection Commission within 72 hours
  • Ensuring any new projects where data is being processed are designed with data privacy in mind 
  • Administrative fines 

What is WIT Doing to Comply?

  • Raising Awareness through training & communications
  • Engaging in a review of policies, processes & privacy statements 
  • Updating website privacy & cookies
  • Employee Training

Where Can I Get Further Information About GDPR?

The Irish Data Protection Commission has created a specific website containing information on GDPR visit http://www.gdprandyou.ie or you can also visit http://www.dataprotection.ie 

Waterford Institute of Technology has established the following high level principles relating to Data Protection in order to comply with GDPR requirements.

  • Personal Data shall only be Processed fairly, lawfully and in a transparent manner (Principles of Lawfulness, Fairness and Transparency);
  • Personal Data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further Processed in any manner incompatible with those purposes (Principle of Purpose Limitation);
  • Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed (Principle of Data Minimisation);
  • Personal Data shall be accurate, and where necessary kept up to date (Principle of Accuracy);
  • Personal Data shall not be kept in a form which permits identification of a data subject for longer than is necessary for the purposes for which the Personal Data are Processed  (Principle of Data Storage Limitation);
  • Personal Data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place to:
  1. prevent and / or identify unauthorised or unlawful access to, or processing of, Personal Data; and
  2. prevent accidental loss or destruction of, or damage to, Personal Data (Principles of Integrity and Confidentiality)


Under Article 15 of the GDPR regulation you have a right to access information held by WIT about you. In order to receive this information you must send a request in writing either via email to [email protected] or to The Data Protection Officer, Room TL2.54 Tourism & Leisure Building, Waterford Institute of Technology, Waterford. You should provide any and all details which would help in progressing the request which might include Student/Staff ID, Company name or any other details relevant. You should be as precise as possible as to the the data you wish to access in order to ensure material is returned within the time limits as per the new legislation (20 days). There are some limited instances where there may be an extention of the timeframe as per GDPR regulations. See here for further details.

See below details of the Data Protection Officer

Corina Power,
Data Protection Officer,
Room TL2.54 Tourism & Leisure Building,
Waterford Institute of Technology,
[email protected], +353 51 302608


pdf      Data Protection Act 2018 Full Text

 pdf    EU General Data Protection Regulation Full Text 

pdf     Compendium of Data Protection Acts 1998 & 2003

If you cannot find an answer to your question below please contact us [email protected] or call 051 302608