Data Protection aims to protect individuals' right to privacy with regard to the processing of their personal data by those who control such data. The legislation governing this is the Data Protection Acts 1988 and 2003. These acts lay down rules about the safeguarding of the privacy of personal data. The General Data Protection Regulation (GDPR) which comes into effect on 25th May 2018 will also enhance these rules.
Data Protection Policy
WIT's Data Protection Policy document outlines our Data Protection responsibilites, the personal data we collect and information on how to make a request for access to personal records.
WIT Data Protection Policy (policy currently under review)
To submit a Data Access Request or for any other queries please contact:
CPD, FOI & DP Co-ordinator,
Tourism & Leisure Building,
Waterford Institute of Technology
Tel: +353 51 302608
email: [email protected]
What is GDPR?
The EU General Data Protection Regulation (GDPR) will come into effect on 25th May 2018 and will require Waterford Institute of Technology to comply with all regulations. It replaces the Data Protection Directive 95/46/EC. It has been designed to standardise data protection laws within the EU and to give greater power to data subjects.
The GDPR rules & regulations will apply to data of both staff & students.
Types of Data covered?
Electronic, handwritten or any type of record created by an employee/a person acting on behalf of the organisation which contanis personal data.
What is Personal Data?
Any information related to a person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
What It Means for WIT?
An enhancement of regulations around the current practice of data protection (see Data Protection Rules).
What Are The Main Areas of Change?
- Consent - How consent is given/received
- Right to be Forgotten - Right ot have information
- Breach Notification - Mandatory Reporting to the Information Commission
- Data Portability - Can information be transported easily from one organisation to another
- Privacy by Design - Any new projects dealing with personal data must give consideration to data protection
- Right of Access - The right to access information easliy
What Is WIT Doing To Comply?
- Raising Awareness
- Engaging in a review of policies, processes & privacy statements
- Employee Training
Where Can I Get Further Information about GDPR?
WIT, as a Data Controller, has certain key responsibilities in relation to the information which we keep on computer or in a structured manual file about individuals. These are summarised in terms of eight "Rules" which we must follow, and which are listed below:
Obtain and process the information fairly
Keep it only for one or more specified and lawful purposes
Process it only in ways compatible with the purposes for which it was given to you initially
Keep it safe and secure
Keep it accurate and up-to-date
Ensure that it is adequate, relevant and not excessive
Retain it no longer than is necessary for the specified purpose or purposes
Give a copy of his/her personal data to any individual, on request
For further information on what type of data is collected by WIT see
Compendium of Acts 1998 & 2003
Data Protection Act 1998
Data Protection Amendment Act 2003