Data Protection Policies, Guides, Protocols and Templates

The documents listed below set out the University's primary policies & notices related to personal data. 

A) Personal Data Policies

Data Privacy Policy

Data Retention Policy

Contact with Third Parties Policy

Data Classification Policy

B) Notices & Statements

DCU Privacy Notice - Recording of lectures (PDF, 523KB)

In-class notice - Recording of lectures (PPT, 6584KB) 

Staff Data Processing Notice

DCU Website Privacy Statement

DCU Website Cookies Statement

Article 30 Record of Processing Activities (Staff Only

Student Application Portal Data Privacy Notice

HEA Student Data Collection Notice 2022-2023

A) Data Subject Rights Procedure

Data Subject Rights Procedure - Public Guide

Data Subjects Rights Procedure - Staff Guide (Staff Access Only)

B) Data Breach Reporting Procedure

Data Breach Reporting Procedure - Public Guide

Data Breach Reporting Procedure - Staff Guide 

Data Incident / Breach Report 

C) Data Protection Impact Assessments (DPIAs)

Staff Guide to the DPIA process 

Step 1 - Screening Questionnaire

Step 2 - DPIA Template

Step 2 - DPIA Template for Health Research

D) Data Processing Agreements (DPA) Templates & MOU Clause

The DPU maintains a number of Data Protection Agreement (DPA) templates that are provided to staff of DCU on request. A list of the more commonly used ones is shown below. The exact type of agreement to use will depend upon the circumstances in each case and the DPU will provide advice on which one to use.

For advice on which one to use please contact the Data Protection Unit (Ext 7476 / 6466 / 7476). 

1) DPA Template  - DCU as the Data Controller 

2) DPA Template  - Annex / Addendum to an existing agreement 

3) DSA Template - Joint Controllers 

4) DPA Template - DCU as a Data Processor 

5) MOU Clause   

6) Guide to Standard Contractual Clauses (SCCs)

E) Data Protection & Research

Data Protection - Key Points for DCU Researchers

Guide to the contents of a Data Privacy Notice

Research Data Privacy Notice - Example

Guide to Using Google Forms

Introduction to Research Data Management

Research Data Management - IT Considerations 

Data Protection for Health Researchers

Guidance on Health Research - Data Protection Commissioner

Guide to the Retention of Personal Data used for Research

REC Application Forms & GDPR - FAQs

F) Security, CCTV, and Law Enforcement

Guide to DCU's CCTV System

Guide to Requests from Garda and Law Enforcement

G) ISS Guidance 

ISS Data Handling Guidelines

ISS Encryption Service  

H) Document Shredding / Disposal Guide

Guide to the Document Shredding / Disposal Service in DCU

I) Unsubscribe from a DCU Email Group

Guide for Staff & Students

Guide & Application Form for Individuals

Under the legislation any individual may make a request to obtain a copy of their own personal data held by Dublin City University.  These requests can be made either verbally or in writing and are known as 'Access Requests' or alternatively as 'Subject Access Requests'. The guide at the link below explains in further detail how such requests may be made and in most cases no fee will apply.    

Personal Data Access Requests - A guide to accessing personal data held by the University

Personal Data Access Request Application Form - PDF Version

Personal Data Access Request Application Form - Word Version

Guide for University Staff

A separate guide for members of staff of the University who are handling an access request is provided below. Please note you must provide a valid staff login name and password to access the guide.

Staff Guide to Subject Access Requests (Staff Access Only)

Staff Personnel Files - Access Requests

In addition to the general right of access described above, staff of the University may view their own personnel file which is held by the Human Resources office. Please click on the following link for further details:

Link to HR policy on access to staff personnel files 

Garda Requests for Copies of CCTV Recordings

From time to time members of An Garda Síochaná who are investigating offences may require copies of CCTV recordings held by the University. In order to comply with best practice and guidelines on this area issued by the Office of the Data Protection Commissioner the following form is to be used by Garda officers when requesting a copy of a CCTV recording(s) held by the University. A separate guide to assist staff in processing a request is available from the DPU. 

Gardai request form for a copy of CCTV recording(s)  

A PDSS (Personal Data Security Schedule) is the primary document used, at a unit or research project level, to record the categories of personal data being processed. For each category listed some basic rules and controls are identified and the PDSS is then brought to the attention of members of staff involved in processing. A guide to preparing a PDSS, and the standard template, can be found at the links below. 

Guide to preparing / updating a PDSS 

PDSS Template   

Example of a completed PDSS for a research project 

Training Materials

This section sets out the training available to assist staff and students in meeting their obligations to process personal data in a manner compliant with the relevant legislation.

Staff Course - The online DCU Data Protection course for members of staff may be accessed via the Essential eLearning webpage managed by HR. The course has been tailored to DCU and is intended to equip staff with an understanding of the essential elements of data protection law & practice. 

Student Course - The online DCU Data Protection course for students and post grads may be accessed via your Loop account. Once you login into Loop select the Data Protection course from the Loop Dashboard. 

Data Protection Training Slides - Guide for Staff 

Data Protection in a 'Nutshell' - Slides

Data Protection Training Presentation - Teaching & Learning (YouTube Video provided by TEU) 

Learner Data & GDPR - T&L Insight Guide

Data Protection Help Sheet 

FAQ's

Click here for a link to list of FAQ's regarding data protection.

 Primary Role & List of GDPR Advocates

There are a number of designated GDPR Advocates in place in various units / areas across the DCU Community. For a list of Advocates please see this link 

The primary role of an Advocate is to act as the initial 'go-to' person within the unit or area for all matters relating to data protection generally. Where a query cannot be answered by an Advocate please contact the DCU Data Protection Unit.