About WIT Headers

For StaffData Protection

Data Protection

Data Protection aims to protect individuals' right to privacy with regard to the processing of their personal data by those who control such data. The legislation governing this is the Data Protection Acts 1988 and 2003. These acts lay down rules about the safeguarding of the privacy of personal data. The General Data Protection Regulation (GDPR) which comes into effect on 25th May 2018 will also enhance these rules.

Data Protection Policy

WIT's Data Protection Policy document outlines our Data Protection responsibilites, the personal data we collect and information on how to make a request for access to personal records.

 WIT Data Protection Policy (policy currently under review)

video logo Watch My Data, Your Business Video - Office of the Data Protection Commissioner

To submit a Data Access Request or for any other queries please contact:

Corina Power,
CPD, FOI & DP Co-ordinator,
Tourism & Leisure Building,
Waterford Institute of Technology

Tel: +353 51 302608
email: [email protected]

What is GDPR?

The EU General Data Protection Regulation (GDPR) will come into effect on 25th May 2018 and will require Waterford Institute of Technology to comply with all regulations. It replaces the Data Protection Directive 95/46/EC. It has been designed to standardise data protection laws within the EU and to give greater power to data subjects.

The GDPR rules & regulations will apply to data of both staff & students.

Types of Data covered?

Electronic, handwritten or any type of record created by an employee/ a person acting on behalf of the organisation which contains personal data.

What is Personal Data?

Any information related to a person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What It Means for WIT?

An enhancement of regulations around the current practice of data protection (see Data Protection Rules).

What Are The Main Areas of Change?

  • Consent - How consent is given/received.
  • Right to be Forgotten - Right to have information 
  • Breach Notification - Mandatory Reporting to the Information Commission.
  • Data Portability - Can information be transported easily from one organisation to another.
  • Privacy by Design - Any new projects dealing with personal data must give consideration to data protection.
  • Right of Access - The right to access information easily.

What Is WIT Doing To Comply?

  • Raising Awareness.
  • Engaging in a review of policies, processes & privacy statements.
  • Employee Training.

Where Can I Get Further Information about GDPR?


WIT, as a Data Controller, has certain key responsibilities in relation to the information which we keep on computer or in a structured manual file about individuals. These are summarised in terms of eight "Rules" which we must follow, and which are listed below:

  • Obtain and process the information fairly

  • Keep it only for one or more specified and lawful purposes

  • Process it only in ways compatible with the purposes for which it was given to you initially

  • Keep it safe and secure

  • Keep it accurate and up-to-date

  • Ensure that it is adequate, relevant and not excessive

  • Retain it no longer than is necessary for the specified purpose or purposes

  • Give a copy of his/her personal data to any individual, on request


For further information on what type of data is collected by WIT see

 A Guide for Data Controllers

 A Guide to your rights

 Compendium of Acts 1998 & 2003

Data Protection Act 1998

 Data Protection Amendment Act 2003