Privacy Policy

Data Protection

Please note, it is advisable to submit rights requests via email ( as preference due to remote working. Response times to requests in certain instances may be affected.

General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) came into effect on May 25th 2018 and replaces the Data Protection Directive 95/46/EC. From this date, GDPR, in conjunction with specific Irish law, will give more rights to the individual and will place more obligations on Waterford Institute of Technology (WIT), in terms of accountability and transparency, when using and storing personal data.

In undertaking the business of WIT, staff create, gather, store and process large amounts of data on a variety of data subjects including students (potential, current and former), staff, third parties and members of the public. Our use of personal data ranges from CCTV footage, financial transactions with commercial customers through to the processing a student’s details throughout their journey, from application through to graduation.

Policies & Documents Relevant to Data Protection

WIT is in the process of reviewing and updating policies inline with GDPR. Please find some relevant documents below. This list will be added to in due course.



What is GDPR?

The EU General Data Protection Regulation (GDPR) is here and requires Waterford Institute of Technology to comply with all regulations. It replaces the Data Protection Directive 95/46/EC. It has been designed to standardise data protection laws within the EU and to give greater power to data subjects.

The GDPR rules & regulations apply to all individuals the Institute processes data on.

What it Means for WIT?

An enhancement of regulations around the current practice of data protection (see Processing Principles tab).

What are The Main Areas of Change?

  • Changes to consent requirements
  • Increased rights for data subjects
  • Increased obligations on organisations with regard to accountability and transparency 
  • Mandatory breach reporting to the Data Protection Commission within 72 hours
  • Ensuring any new projects where data is being processed are designed with data privacy in mind 
  • Administrative fines 

What is WIT Doing to Comply?

  • Raising Awareness through training & communications
  • Engaging in a review of policies, processes & privacy statements 
  • Updating website privacy & cookies
  • Employee Training

Where Can I Get Further Information About GDPR?




Waterford Institute of Technology has established the following high level principles relating to Data Protection in order to comply with GDPR requirements.

  • Personal Data shall only be Processed fairly, lawfully and in a transparent manner (Principles of Lawfulness, Fairness and Transparency);
  • Personal Data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further Processed in any manner incompatible with those purposes (Principle of Purpose Limitation);
  • Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed (Principle of Data Minimisation);
  • Personal Data shall be accurate, and where necessary kept up to date (Principle of Accuracy);
  • Personal Data shall not be kept in a form which permits identification of a data subject for longer than is necessary for the purposes for which the Personal Data are Processed  (Principle of Data Storage Limitation);
  • Personal Data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place to:
    • prevent and / or identify unauthorised or unlawful access to, or processing of, Personal Data; and
    • prevent accidental loss or destruction of, or damage to, Personal Data (Principles of Integrity and Confidentiality)
Under Article 15 of the GDPR regulation you have a right to access information held by WIT about you. In order to receive this information you must make a subject access request (SAR) by filling in the application form available here and sending it to the Data Protection Corodinator via email to or by post to Room TL2.54 Tourism & Leisure Building, Waterford Institute of Technology, Cork Road, Waterford. Please note, from today 12th March, it is advisable to submit requests via email as preference due to the Covid 19 shutdown announced by the government. Response times to requests in certain instances may be affected.

You should provide any and all details which would help in progressing the request which might include student/staff ID, company name or any other details relevant. You should be as precise as possible as to the the data you wish to access in order to ensure material is returned within the time limits as per the new legislation (20 working days). There are some limited instances where there may be an extention of the timeframe as per GDPR regulations. See here for further details.




   pdf  Data Protection Act 2018 Full Text

   pdf  EU General Data Protection Regulation Full Text 

   pdf  Compendium of Data Protection Acts 1998 & 2003




Subject Access Request Form

Blank Data Breach Reporting Form

Privacy Notice Essential Requirements

Approved Data Protection Impact Assessment Template

Remote Working 

Advice for Remote Working

Things to Consider Before Engaging Cloud Service Providers

Photo Consent

We take and use photos and videos at the institute all the time. They are an important part of our activity but we also need to ensure that when we use someone’s image (where they are the subject of or central to the photo or video being taken), we have permission to do so. Below you will find some advice and consent forms for adults and under 18s.

Advice when taking photos or video

WIT Photo & Video consent form

WIT Photo & Video consent form for under 18’s

Practical Tips & Resources

Things to Help With GDPR Compliance

Advising Data Subjects About How You Will Use Their Data

When discarding paper, ask yourself…

Research Relate Resources

How GDPR Changes The Rules For Research IAPP Article

GDPR and the Health Research Regulations 2018(video)

Health Research Consent Declaration Committee (HRCDC)

Health Research Decision Tree – Consent



Available here.