General Information - Data Protection
Welcome to the General Information section of the University's Data Protection Unit (DPU).
This section of the website provides general information and guidance on how the University manages its data protection affairs.
The DCU Data Privacy Policy can be accessed at the link below.
The purpose of the policy is to explain what Personal Data DCU processes and how and why we process it. In addition, the policy outlines our duties and responsibilities regarding the protection of Personal Data.
The DCU Personal Data Retention Policy can be accessed at the link below.
Personal Data Retention Policy
The purpose of the policy is to state the University’s position concerning the retention and destruction of Personal Data.
The DCU Data Classification Policy can be accessed at the link below.
The purpose of this policy is to support the classification of data to allow for the protection of Dublin City University data, or data held by Dublin City University, in terms of confidentiality, integrity, and availability.
The DCU Signing Authority Policy can be accessed at the link below.
The purpose of this policy is:
- to ensure only those University employees with appropriate approval and accountability are authorized to sign documents on behalf of the University;
- to define who may sign the documents listed in the appendix to this policy after their review and approval by the individuals or groups indicated in the appendix;
- to contribute to the management of exposure to risk which may arise when a document is signed on behalf of the University; and
- to promote good governance by applying appropriate internal controls.
The guidance below is intended to inform members of the public, staff and students on their data protection rights under GDPR.
The rights, some of which may be limited as they are not all absolute, include:
- The Right to be Informed
- The Right of Access
- The Right to Rectification
- The Right to Erasure
- The Right to Restriction of Processing
- The Right to Object to Processing
- Rights in relation to Automated Decision-Making
These rights may be invoked when dealing with the University, or with one of its Campus Companies.
Further details of the rights may be accessed via the Public Guide link below.
One of the rights recognised under data protection legislation is the Right of Access. This provides individuals with the right to request a copy of any of their personal data which is held by DCU, as well as other relevant information. These requests are sometimes called Data Subject Access Requests.
Such requests can be made either in writing or verbally. While there is no required format for an Access Request to be made, the guide at the link below provides details on how these requests may be made to the University.
Data Subject Access Requests can be made in writing or verbally, ideally directly to the DCU Data Protection Unit. Written requests are not required to follow a particular format, but the options below may be useful if you are considering making such a request in writing:
Access Request Application Form - Downloadable Word Version
Access Request Application Form - Online Version
A Personal Data Breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Typical examples of a data breach are:
- Emails or post containing personal data being sent to an incorrect recipient.
- Lost or stolen devices that hold personal data (e.g. laptops, USB keys etc).
- Hard copy files being lost or disposed of incorrectly.
- Hacking (real or suspected) of an IT system or database.
- A power cut or system error, resulting in lack of access to systems containg personal data.
All potential and suspected data breaches must be notified immediately to the Data Protection Unit (DPU) and it will determine whether it is a data breach and how it is to be managed in accordance with best practice.
If you suspect a breach has taken place the first step is to inform the DPU (by phone or email). Thereafer, complete the University's Data Incident/Breach Report Form (see below), and return it to the DPU without delay.
This section sets out the training available to DCU students in meeting their obligations to process personal data in a manner compliant with the relevant legislation.
The online DCU Data Protection course for students and post grads may be accessed via your Loop account at the link below. Once you login into Loop select the Data Protection course from the Loop Dashboard.
Dublin City University occasionally receives requests from the Gardaí and other law enforcement agencies for certain types of personal data (e.g. CCTV, staff and student details etc.).
Any and all such requests are managed by the Data Protection Unit, and it we will assist in determining whether and how the request is to be dealt with. If you receive such a request please forward it to data.protection@dcu.ie
The guide below provides information to staff on how the University manages and assesses these types of requests for personal data.
DCU Guide to Requests from Law Enforcement
From time to time, the University may receive requests from An Garda Síochána for copies of CCTV recordings held by the University. In respect of such requests, DCU's Guide to Law Enforcement Requests also applies.
Additionally, and in order to comply with best practice and Data Protection Commission guidelines, the below Garda CCTV Request Form must be used by members of An Garda Síochána when requesting a copy of a CCTV recording(s) held by the University. No other form of request will be entertained.
Completed forms must be emailed to data.protection@dcu.ie where it will be assessed by the DPU in accordance with the University's guidelines and protocols in this area.
The links below are to specific Data Protection Notices & Statements that the University is required to make public either under the legislation or as part of an agreement with external entities.
A University guide to the safe disposal of hardcopy personal data is provided below.
Guidance on how to unsubscribe from DCU email group can be accessed at the link below.
A separate suite of data protection resources for staff of the University may be accessed at the link below.
Note: The link referenced above can only be viewed by members of Staff. If you and cannot see or access the webpage, then please log into the page from a different device or browser page and provide your DCU Multi-Factor Authentication details when prompted to do so.
A guide from the Irish Data Protection Commissioner (DPC) to 'Frequently Asked Questions (FAQ)' regarding data protection matters may be accessed at the link below.
The Data Protection Unit is a sub-unit of the Office of the Chief Operations Officer and it may be contacted via any of the options listed below.
The DPU's email address is data.protection@dcu.ie
Staff of the DPU may be contacted directly at any one of the following phone numbers.
Joan O'Connell : 01-700 6466
Geraldine Healy : 01-700 7628
Martin Ward : 01-700 7476
Data Protection Unit
Office of the Chief Operation Officer
Albert College
DCU Glasnevin Campus
Collins Avenue Extension
Dublin 9
D09 V209