Data Protection FAQs

  • As a staff member how can I follow best practice with regard to Data Protection?

    All staff should familiarise themselves with the DkIT Data Protection Policy, Procedures and Breach Management guidelines as well as reading the Guidelines for Staff on being compliant with DP. Staff should also attend any data protection training being offered on a regular basis.

  • How can I access my personal data?

    In most cases, the department holding your personal data will be able to supply you with a copy of the relevant records if you make an informal request directly to them. However if you are unable to get access to your data in this way you are entitled to make a personal data access request to the Institute. Please see the section on this webpage about Making a Subject Access Request.

  • Who has access to my data?

    Only staff who have a legitimate need to access data in the performance of their professional duties will have access to your personal data. Many services such as Student Counselling, Student Health Unit, Employee Assistance Programme for example are confidential and bound by their own codes of ethics.

    Student data is shared between Institute departments depending on the services students avail of for day to day administrative purposes but will only be given to third parties in certain limited circumstances. Students are informed about and must consent to such disclosures upon registration each year.

  • What steps does DkIT take to ensure that my data is secure?

    Dundalk Institute of Technology takes its obligations to keep your data secure very seriously. All members of the Institute community must abide by the Institute’s Data Protection Policy and Procedures and IT Security policies and procedures. There are clear procedures to be followed in the event of a personal data security breach and DkIT provide regular training to staff members to minimise the risk of such breaches taking place.

  • What data is held by Dundalk Institute of Technology and why does it hold this data?

    Dundalk Institute of Technology is a data controller of the personal data of circa 6000 staff and student data subjects, as well as data relating to data subjects for the purposes of research. DkIT holds a wide range of data in order to perform a variety of operations and where the data is held depends on the purpose it is being held for: For example: Staff records are retained in Human Resources for administrative purposes; recruitment, promotion,
    training, salary, pensions. The computerised system used to house the vast majority of this data is CORE HR/Payroll.

    Student records are retained in the main, in the Registrar’s domain including the Offices of Admissions, Fees & Grants, and Student Services however data will be held and shared with the students appropriate academic School. These are retained for administrative purposes and the computerised system used for student records is Banner. Financial records are kept in order to process payment of wages, grants, creditors etc. Some research projects will involve the collection of participant data.

  • What is the purpose of the Data Protection legislation?

    Data Protection aims to protect individuals’ right to privacy in regard to the processing of their personal data by those who control such data. Key rights that you have under Data Protection legislation include the right to access to your data and receive information about the personal details that Dundalk Institute of Technology (DkIT) holds about you, the right to alter or remove data in certain circumstances and the right to have your details used in line with Data Protection regulations.

Glossary of Terms

  • Sensitive Data

    Is personal data of a particularly sensitive or private nature for example health data.

  • Personal Data Access Request

    Under DP legislation you may receive a copy of any personal data that the Institute holds on you by making a Personal Data Access Request (or sometimes known as an Access Request).

  • Personal Data Security Breach

    This is when a data breach occurs ie when personal data is made available to one or more third parties without the consent of the data subject.

  • Personal Data

    Is data relating to a living individual who can be identified either from the data or from the data in conjunction with other information that is in or likely to come into the possession of the Institute.

  • Manual Data

    Data that is stored in hard copy format for example paper files

  • Freedom of Information / Data Protection Officer

    The person who is responsible for advising the Institute on matters relating to Data Protection and Freedom of Information

  • Data Subject

    The person who is the subject of the data (the data is about that person)

  • Data Protection Commissioner

    The Commissioner, independent of the Government, who oversees compliance with the terms of the DP Acts.

  • Data Processor

    A body that processes personal data on behalf of a data controller.

  • Data Processing

    Performing any operation on data, eg obtaining, storing, consulting, altering, destroying or disclosing data.

  • Data Controller

    A body that processes and controls personal data

  • Data

    Information in a form that can be processed

  • Automated data

    Data stored in digital form (on a computer for example)

Contact Data Protection Office

  • Loretto Gaughran
  • Data Protection Office
  • Freedom of Information Officer