General Information - Data Protection
Welcome to the General Information section of the University's Data Protection Unit (DPU).
This section of the website provides general information and guidance on how the University manages its data protection affairs.
The DCU Data Privacy Policy can be accessed at the link below.
The purpose of the policy is to explain what Personal Data DCU processes and how and why we process it. In addition, the policy outlines our duties and responsibilities regarding the protection of Personal Data.
The DCU Personal Data Retention Policy can be accessed at the link below.
Personal Data Retention Policy
The purpose of the policy is to state the University’s position concerning the retention and destruction of Personal Data.
The DCU Data Classification Policy can be accessed at the link below.
The purpose of this policy is to support the classification of data to allow for the protection of Dublin City University data, or data held by Dublin City University, in terms of confidentiality, integrity, and availability.
The DCU Signing Authority Policy can be accessed at the link below.
The purpose of this policy is:
- to ensure only those University employees with appropriate approval and accountability are authorized to sign documents on behalf of the University;
- to define who may sign the documents listed in the appendix to this policy after their review and approval by the individuals or groups indicated in the appendix;
- to contribute to the management of exposure to risk which may arise when a document is signed on behalf of the University; and
- to promote good governance by applying appropriate internal controls.
The guidance below is intended to inform members of the public, staff and students on their data protection rights under GDPR.
The rights, some of which may be limited as they are not all absolute, include:
- The Right to be Informed
- The Right of Access
- The Right to Rectification
- The Right to Erasure
- The Right to Restriction of Processing
- The Right to Object to Processing
- Rights in relation to Automated Decision-Making
These rights may be invoked when dealing with the University, or with one of its Campus Companies.
Further details of the rights may be accessed via the Public Guide link below.
Under data protection legislation, anyone may make a request to the University to obtain a copy of personal data relating to themselves which is held by the University. The requests can be made either in writing or verbally, and are sometimes referred to as 'Access Requests' or 'Data Subject Access Requests'.
While there is no required format for an Access Request to be made, the guide at the link below provides details on how such requests may be made to the University.
Requests can be made verbally (ideally directly to the Data Protection Unit) or in writing using one of the options below.
Access Request Application Form - Downloadable Word Version
Access Request Application Form - Online Version
Data protection legislation provides that, in certain circumstances, personal data may be processed for purposes other than the original purpose for which the data had been collected. For example, in relation to investigating or prosecuting criminal offences.
Thus, under these legal provisions, a law enforcement agency may make a request to the University for a copy of someone's personal data in such circumstances. Such law enforcement agencies may include An Garda Síochána, Revenue, or others.
When the University receives such a request, we will consider and evaluate it before a decision is made on whether or not to provide a copy of the requested personal data. (Please see DCU's Guide below.)
If the University receives a valid Court Order for the release of such data, the University has no discretion, and must comply with any such Order.
From time to time, the University may receive requests from An Garda Síochána for copies of CCTV recordings held by the University. In respect of such requests, DCU's Guide to Law Enforcement Requests also applies.
Additionally, and in order to comply with best practice and Data Protection Commission guidelines, the below Garda CCTV Request Form must be used by members of An Garda Síochána when requesting a copy of a CCTV recording(s) held by the University. No other form of request will be entertained.
Completed forms must be emailed to data.protection@dcu.ie where it will be assessed by the DPU in accordance with the University's guidelines and protocols in this area.
A Personal Data Breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Typical examples of a data breach are:
- Emails or post containing personal data being sent to an incorrect recipient.
- Lost or stolen devices that hold personal data (e.g. laptops, USB keys etc).
- Hard copy files being lost or disposed of incorrectly.
- Hacking (real or suspected) of an IT system or database.
- A power cut or system error, resulting in lack of access to systems containg personal data.
All potential and suspected data breaches must be notified immediately to the Data Protection Unit (DPU) and it will determine whether it is a data breach and how it is to be managed in accordance with best practice.
If you suspect a breach has taken place the first step is to inform the DPU (by phone or email). Thereafer, complete the University's Data Incident/Breach Report Form (see below), and return it to the DPU without delay.
This section sets out the training available to DCU students in meeting their obligations to process personal data in a manner compliant with the relevant legislation.
The online DCU Data Protection course for students and post grads may be accessed via your Loop account at the link below. Once you login into Loop select the Data Protection course from the Loop Dashboard.
A guide from the Irish Data Protection Commissioner (DPC) to 'Frequently Asked Questions (FAQ)' regarding data protection matters may be accessed at the link below.
The links below are to specific Data Protection Notices & Statements that the University is required to make public either under the legislation or as part of an agreement with external entities.
A University guide to the safe disposal of hardcopy personal data is provided below.
Guidance on how to unsubscribe from DCU email group can be accessed at the link below.
A separate suite of data protection resources for staff of the University may be accessed at the link below.
Note: The link referenced above can only be viewed by members of Staff. If you and cannot see or access the webpage, then please log into the page from a different device or browser page and provide your DCU Multi-Factor Authentication details when prompted to do so.
The Data Protection Unit is a sub-unit of the Office of the Chief Operations Officer and it may be contacted via any of the options listed below.
The DPU's email address is data.protection@dcu.ie
Staff of the DPU may be contacted directly at any one of the following phone numbers.
Joan O'Connell : 01-700 6466
Geraldine Healy : 01-700 7628
Martin Ward : 01-700 7476
Data Protection Unit
Office of the Chief Operation Officer
Albert College
DCU Glasnevin Campus
Collins Avenue Extension
Dublin 9
D09 V209
Return to the Homepage of the Data Protection Unit
Return to the Homepage of the Office of the Chief Operations Officer