Privacy Policy
Data Protection
Please note, it is advisable to submit rights requests via email (dataprotection@wit.ie) as preference due to remote working. Response times to requests in certain instances may be affected.
General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and replaces the Data Protection Directive 95/46/EC. From this date, GDPR, in conjunction with specific Irish law, will give more rights to the individual and will place more obligations on Waterford Institute of Technology (WIT), in terms of accountability and transparency, when using and storing personal data.
In undertaking the business of WIT, staff create, gather, store and process large amounts of data on a variety of data subjects including students (potential, current and former), staff, third parties and members of the public. Our use of personal data ranges from CCTV footage, financial transactions with commercial customers through to the processing a student’s details throughout their journey, from application through to graduation.
Policies & Documents Relevant to Data Protection
WIT is in the process of reviewing and updating policies inline with GDPR. Please find some relevant documents below. This list will be added to in due course.
GDPR
What is GDPR?
The EU General Data Protection Regulation (GDPR) is here and requires Waterford Institute of Technology to comply with all regulations. It replaces the Data Protection Directive 95/46/EC. It has been designed to standardise data protection laws within the EU and to give greater power to data subjects.
The GDPR rules & regulations apply to all individuals the Institute processes data on.
What it Means for WIT?
An enhancement of regulations around the current practice of data protection (see Processing Principles tab).
What are The Main Areas of Change?
- Changes to consent requirements
- Increased rights for data subjects
- Increased obligations on organisations with regard to accountability and transparency
- Mandatory breach reporting to the Data Protection Commission within 72 hours
- Ensuring any new projects where data is being processed are designed with data privacy in mind
- Administrative fines
What is WIT Doing to Comply?
- Raising Awareness through training & communications
- Engaging in a review of policies, processes & privacy statements
- Updating website privacy & cookies
- Employee Training
Where Can I Get Further Information About GDPR?
PROCESSING PRINCIPLES
Waterford Institute of Technology has established the following high level principles relating to Data Protection in order to comply with GDPR requirements.
- Personal Data shall only be Processed fairly, lawfully and in a transparent manner (Principles of Lawfulness, Fairness and Transparency);
- Personal Data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further Processed in any manner incompatible with those purposes (Principle of Purpose Limitation);
- Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed (Principle of Data Minimisation);
- Personal Data shall be accurate, and where necessary kept up to date (Principle of Accuracy);
- Personal Data shall not be kept in a form which permits identification of a data subject for longer than is necessary for the purposes for which the Personal Data are Processed (Principle of Data Storage Limitation);
- Personal Data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place to:
- prevent and / or identify unauthorised or unlawful access to, or processing of, Personal Data; and
- prevent accidental loss or destruction of, or damage to, Personal Data (Principles of Integrity and Confidentiality)
You should provide any and all details which would help in progressing the request which might include student/staff ID, company name or any other details relevant. You should be as precise as possible as to the the data you wish to access in order to ensure material is returned within the time limits as per the new legislation (20 working days). There are some limited instances where there may be an extention of the timeframe as per GDPR regulations. See here for further details.
Legislation
Data Protection Act 2018 Full Text
EU General Data Protection Regulation Full Text
Compendium of Data Protection Acts 1998 & 2003
Resources
Forms
Blank Data Breach Reporting Form
Privacy Notice Essential Requirements
Approved Data Protection Impact Assessment Template
Remote Working
Things to Consider Before Engaging Cloud Service Providers
Photo Consent
We take and use photos and videos at the institute all the time. They are an important part of our activity but we also need to ensure that when we use someone’s image (where they are the subject of or central to the photo or video being taken), we have permission to do so. Below you will find some advice and consent forms for adults and under 18s.
Advice when taking photos or video
WIT Photo & Video consent form
WIT Photo & Video consent form for under 18’s
Practical Tips & Resources
Things to Help With GDPR Compliance
Advising Data Subjects About How You Will Use Their Data
When discarding paper, ask yourself…
Research Relate Resources
How GDPR Changes The Rules For Research IAPP Article
GDPR and the Health Research Regulations 2018(video)
Health Research Consent Declaration Committee (HRCDC)
Health Research Decision Tree – Consent
FAQs
Available here.
