***This area of the website is currently under review based on GDPR regulations***
General Data Protection Regulation
The EU General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and replaces the Data Protection Directive 95/46/EC. From this date, GDPR, in conjunction with specific Irish law, will give more rights to the individual and will place more obligations on Waterford Institute of Technology (WIT), in terms of accountability and transparency, when using and storing personal data.
In undertaking the business of WIT, staff create, gather, store and process large amounts of data on a variety of data subjects including students (potential, current and former), staff, third parties and members of the public. Our use of personal data ranges from CCTV footage, financial transactions with commercial customers through to the processing a student’s details throughout their journey, from application through to graduation.
Policies Relavent to Data Protection
WIT is in the process of reviewing and updating policies inline with GDPR. The below list of documents will be availble shortly following the standard approval process. Please note this list is not exhaustive and additional policies will be added.
What is GDPR?
The EU General Data Protection Regulation (GDPR) is here and requires Waterford Institute of Technology to comply with all regulations. It replaces the Data Protection Directive 95/46/EC. It has been designed to standardise data protection laws within the EU and to give greater power to data subjects.
The GDPR rules & regulations apply to all individuals the Institute proceses data on.
What it Means for WIT?
An enhancement of regulations around the current practice of data protection (see Processing Principles tab).
What are The Main Areas of Change?
- Changes to consent requirements
- Increased rights for data subjects
- Increased obligations on organisations with regard to accountability and transparency
- Mandatory breach reporting to the Data Protection Commission within 72 hours
- Ensuring any new projects where data is being processed are designed with data privacy in mind
- Administrative fines
What is WIT Doing to Comply?
- Raising Awareness through training & communications
- Engaging in a review of policies, processes & privacy statements
- Updating website privacy & cookies
- Employee Training
Where Can I Get Further Information About GDPR?
Waterford Institute of Technology has established the following high level principles relating to Data Protection in order to comply with GDPR requirements.
- Personal Data shall only be Processed fairly, lawfully and in a transparent manner (Principles of Lawfulness, Fairness and Transparency);
- Personal Data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further Processed in any manner incompatible with those purposes (Principle of Purpose Limitation);
- Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed (Principle of Data Minimisation);
- Personal Data shall be accurate, and where necessary kept up to date (Principle of Accuracy);
- Personal Data shall not be kept in a form which permits identification of a data subject for longer than is necessary for the purposes for which the Personal Data are Processed (Principle of Data Storage Limitation);
- Personal Data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place to:
prevent and / or identify unauthorised or unlawful access to, or processing of, Personal Data; and
- prevent accidental loss or destruction of, or damage to, Personal Data (Principles of Integrity and Confidentiality)
Under Article 15 of the GDPR regulation you have a right to access information held by WIT about you. In order to receive this information you must send a request in writing either via email to [email protected] or to The Data Protection Officer, Room TL2.54 Tourism & Leisure Building, Waterford Institute of Technology, Waterford. You should provide any and all details which would help in progressing the request which might include Student/Staff ID, Company name or any other details relevant. You should be as precise as possible as to the the data you wish to access in order to ensure material is returned within the time limits as per the new legislation (20 days). There are some limited instances where there may be an extention of the timeframe as per GDPR regulations. See here for further details.
See below details of the Data Protection Officer
Waterford Institute of Technology,
[email protected], +353 51 302608
If you cannot find an answer to your question below please contact us [email protected] or call 051 302608