What is Data Protection?

Personal data may be described as any information relating to an identified or identifiable living individual who is, or can be, identified - directly or indirectly - from that information.

Data protection is a legal framework. The primary purpose of data protection law is to safeguard the rights of individuals where an entity, such as a university, processes personal data. 

There is therefore an obligation on all organisations, including Dublin City University (DCU) and its wholly-owned campus companies, to process personal data in a manner compliant with the law.

In order to carry out its statutory, academic and administrative functions, the University collects and processes personal data relating to many categories of individuals, including students and staff of the University. DCU takes protection of personal data seriously and consequently takes all reasonable steps to comply with data protection legislation. 

The University is committed to ensuring that all staff, registered students, agents, contractors and data processors comply with data protection law.

DCU as a Data Controller

A Data Controller is:

the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Dublin City University is a Data Controller, as defined by the General Data Protection Regulation (GDPR).

Controllers make decisions about processing activities, including the fundamental 'how and why' of processing (determining the "purposes and means"). A Controller exercises overall control of the personal data processed by them, and are ultimately responsible for safeguarding personal data, and otherwise ensuring compliance with data protection law.

Return to the Homepage of the Data Protection Unit