Data Protection Policies, Guides, Protocols and Templates
Personal Data - DCU Guidance & Procedures
This section of the data protection web pages provides links to the relevant policies, guides and training materials which staff, students and other interested parties may find useful. In addition, it also provides guidance on making a personal data access request to the university.
The documents listed below set out the University's primary policies & notices related to personal data.
A) Personal Data Policies
Contact with Third Parties Policy
B) Notices & Statements
DCU Privacy Notice - Recording of lectures (PDF, 523KB)
In-class notice - Recording of lectures (PPT, 6584KB)
Article 30 Record of Processing Activities (Staff Only
A) Data Subject Rights Procedure
Data Subject Rights Procedure - Public Guide
Data Subjects Rights Procedure - Staff Guide (Staff Access Only)
B) Data Breach Reporting Procedure
Data Breach Reporting Procedure - Public Guide
Data Breach Reporting Procedure - Staff Guide
Data Incident / Breach Report
C) Data Protection Impact Assessments (DPIAs)
Staff Guide to the DPIA process
Step 1 - Screening Questionnaire
Step 2 - DPIA Template
Step 2 - DPIA Template for Health Research
D) Data Processing Agreements (DPA) Templates & MOU Clause
The DPU maintains a number of Data Protection Agreement (DPA) templates that are provided to staff of DCU on request. A list of the more commonly used ones is shown below. The exact type of agreement to use will depend upon the circumstances in each case and the DPU will provide advice on which one to use.
For advice on which one to use please contact the Data Protection Unit (Ext 7476 / 6466 / 7476).
1) DPA Template - DCU as the Data Controller
2) DPA Template - Annex / Addendum to an existing agreement
3) DSA Template - Joint Controllers
4) DPA Template - DCU as a Data Processor
5) MOU Clause
6) Guide to Standard Contractual Clauses (SCCs)
E) Data Protection & Research
Data Protection - Key Points for DCU Researchers
Guide to the contents of a Data Privacy Notice
Research Data Privacy Notice - Example
Introduction to Research Data Management
Research Data Management - IT Considerations
Data Protection for Health Researchers
Guidance on Health Research - Data Protection Commissioner
Guide to the Retention of Personal Data used for Research
REC Application Forms & GDPR - FAQs
F) Security, CCTV, and Law Enforcement
Guide to Requests from Garda and Law Enforcement
G) ISS Guidance
H) Document Shredding / Disposal Guide
Guide to the Document Shredding / Disposal Service in DCU
I) Unsubscribe from a DCU Email Group
Guide & Application Form for Individuals
Under the legislation any individual may make a request to obtain a copy of their own personal data held by Dublin City University. These requests can be made either verbally or in writing and are known as 'Access Requests' or alternatively as 'Subject Access Requests'. The guide at the link below explains in further detail how such requests may be made and in most cases no fee will apply.
Personal Data Access Requests - A guide to accessing personal data held by the University
Personal Data Access Request Application Form - PDF Version
Personal Data Access Request Application Form - Word Version
Guide for University Staff
A separate guide for members of staff of the University who are handling an access request is provided below.
Staff Guide to Subject Access Requests
Staff Personnel Files - Access Requests
In addition to the general right of access described above, staff of the University may view their own personnel file which is held by the Human Resources office. Please click on the following link for further details:
Link to HR policy on access to staff personnel files
Garda Requests for Copies of CCTV Recordings
From time to time members of An Garda SÃochaná who are investigating offences may require copies of CCTV recordings held by the University. In order to comply with best practice and guidelines on this area issued by the Office of the Data Protection Commissioner the following form is to be used by Garda officers when requesting a copy of a CCTV recording(s) held by the University. A separate guide to assist staff in processing a request is available from the DPU.
A PDSS (Personal Data Security Schedule) is the primary document used, at a unit or research project level, to record the categories of personal data being processed. For each category listed some basic rules and controls are identified and the PDSS is then brought to the attention of members of staff involved in processing. A guide to preparing a PDSS, and the standard template, can be found at the links below.
Training Materials
This section sets out the training available to assist staff and students in meeting their obligations to process personal data in a manner compliant with the relevant legislation.
Staff Course - The online DCU Data Protection course for members of staff may be accessed via the Essential eLearning webpage managed by HR. The course has been tailored to DCU and is intended to equip staff with an understanding of the essential elements of data protection law & practice.
Student Course - The online DCU Data Protection course for students and post grads may be accessed via your Loop account. Once you login into Loop select the Data Protection course from the Loop Dashboard.
Data Protection Training Slides - Guide for Staff
Data Protection in a 'Nutshell' - Slides
Data Protection Training Presentation - Teaching & Learning (YouTube Video provided by TEU)
Learner Data & GDPR - T&L Insight Guide
FAQ's
Click here for a link to list of FAQ's regarding data protection.
Primary Role & List of GDPR Advocates
There are a number of designated GDPR Advocates in place in various units / areas across the DCU Community. For a list of Advocates please see this link
The primary role of an Advocate is to act as the initial 'go-to' person within the unit or area for all matters relating to data protection generally. Where a query cannot be answered by an Advocate please contact the DCU Data Protection Unit.