Data Protection Policies, Guides, Protocols and Templates
Personal Data - DCU Guidance & Procedures
This section of the data protection web pages provides links to the relevant policies, guides and training materials which staff, students and other interested parties may find useful. In addition, it also provides guidance on making a personal data access request to the university.
N.B. If you want to access any of the Staff Access only documents
The documents listed below set out the University's primary policies & notices related to personal data.
A) Personal Data Policies
B) Notices & Statements
DCU Privacy Notice - Recording of lectures (PDF, 523KB)
In-class notice - Recording of lectures (PPT, 6584KB)
A) Data Subject Rights Procedure
Data Subjects Rights Procedure - Staff Guide (Staff Access Only)
B) Data Breach Reporting Procedure
C) Data Protection Impact Assessments (DPIAs)
Staff Guide to the DPIA process
Step 1 - Screening Questionnaire
Step 2 - DPIA Template
Step 2 - DPIA Tempate for Health Research
D) Data Processing Agreements (DPA) Templates & MOU Clause
The following legal agreement templates (or MOU text) are to be used by DCU units when negotiating the legal arrangements pertaining to the transfer of personal data. For advice on which one to use please contact the Data Protection Unit (Ext 7476 / 6466 / 7476). All of the documents are 'Staff Access Only' so please click on text at the top of this web page prior to downloading as necessary.
1) DPA Template - DCU as the Data Controller
2) DPA Template - Annex / Addendum to an existing agreement
3) DSA Template - Joint Controllers
4) DPA Template - DCU as a Data Processor
5) MOU Clause
6) Guide to Standard Contractual Clauses (SCCs)
E) Data Protection & Research
G) ISS Guidance
H) Document Shredding / Disposal Guide
I) Unsubscribe from a DCU Email Group
Guide & Application Form for Individuals
Under the legislation any individual may make a request to obtain a copy of their own personal data held by Dublin City University. These requests are known as 'Access Requests' or alternatively 'Subject Access Requests'. The guide at the link below explains in further detail how such a request may be made. Anyone who wishes to make a request should first of all review the guidance below and formally make the request using the application form provided.
Guide for University Staff
A separate guide for members of staff of the University who are handling an access request is provided below. Please note you must provide a valid staff login name and password to access the guide.
Staff Guide to Subject Access Requests (Staff Access Only)
Staff Personnel Files - Access Requests
In addition to the general right of access described above, staff of the University may view their own personnel file which is held by the Human Resources office. Please click on the following link for further details:
Garda Requests for Copies of CCTV Recordings
From time to time members of An Garda Síochaná who are investigating offences may require copies of CCTV recordings held by the University. In order to comply with best practice and guidelines on this area issued by the Office of the Data Protection Commissioner the following form is to be used by Garda officers when requesting a copy of a CCTV recording(s) held by the University.
A PDSS (Personal Data Security Schedule) is the primary document used, at a unit or research project level, to record the categories of personal data being processed. For each category listed some basic rules and controls are identified and the PDSS is then brought to the attention of members of staff involved in processing. A guide to preparing a PDSS, and the standard template, can be found at the links below.
This section sets out the training materials available to assist staff and students in meeting their obligations to process personal data in a manner compliant with the relevant legislation.
Online Course in Data Protection - This course is available to all staff and students via Loop
Data Protection Training Presentation - Teaching & Learning (YouTube Video provided by TEU)
Click here for a link to list of FAQ's regarding data protection.
Primary Role & List of GDPR Advocates
There are a number of designated GDPR Advocates in place in various units / areas across the DCU Community. For a list of Advocates please see this link
The primary role of an Advocate is to act as the initial 'go-to' person within the unit or area for all matters relating to data protection generally. Where a query cannot be answered by an Advocate please contact the DCU Data Protection Unit.