General Data Protection Regulation Notice
TU Dublin holds and processes personal data about many different types of people such as its current, past or prospective employees, applicants, students, alumni, suppliers, contractors, members of the public, etc. The University processes this personal data to carry out its business and administrative functions and to comply with statutory requirements. This personal data is subject to data protection legislation.
Introduction to GDPR
Effective from 25th May 2018, the GDPR brings new and enhanced rights for individuals whose data is processed in TU Dublin. Individuals are referred to as 'data subjects'.
The GDPR places obligations on TU Dublin and the way it handles personal data. In turn, the staff and students of the University have responsibilities to ensure personal data is processed fairly, lawfully and securely. This means that personal data should only be processed if we have a valid condition of processing (lawful purpose) and we have provided information to the individuals concerned about how and why we are processing their information (e.g. a privacy notice). There are restrictions on what we are allowed to do with personal data such as passing personal information on to third parties, transferring information outside the EU or using it for direct marketing.
Personal Data and Data Protection
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format.
Compliance with GDPR and failure to comply: Comprehensive, business specific documentation, both internal and external, about how personal data are collected, processed, and stored by an organisation, in a GDPR compliant manner, demonstrate that this organisation takes GDPR seriously.
Under GDPR failure to comply with data protection legislation can have very serious consequences. Apart from damage to an organisation's reputation, substantial fines can apply. In addition to fines levied by the Data Protection Commission, under GDPR an individual, i.e. a data subject, has the right to take legal actions against an organisation that fails to comply with GDPR. The data subject can claim financial compensation, including compensation for non-material damages.
Click on any of the headings below to view more information:
Individuals have the right to know what TU Dublin does with their personal data. This information is provided in data protection notices.
Data Protection Notice for Recruitment Candidates
TU Dublin is committed to protecting the rights and freedoms of individuals with respect to the processing of their personal data. In developing policies, the University aims to comply fully with its responsibilities under GDPR.
The GDPR sets out key principles which lie at the heart of the general data protection regime -
- Lawfulness, fairness, and transparency
- Purpose Limitation
- Data Minimisation
- Storage Limitation
- Integrity and Confidentiality
Further information on the Principles of Data Protection can be found of the website of the Data Protection Commissioner
Office of the DPC:
Individuals have a number of specific rights under data protection law to keep them informed and in control of the processing of their personal data.
What are your rights under Data Protection Law?
You have the following rights, subject to certain exemptions, in relation to your personal data:
|Information||The right to be informed about the data processing the University does.|
|Access||The right to receive a copy of and/or access the personal data that the University holds about you.|
|Portability||You have the right to request that the University provides some elements of your personal data in a commonly used machine readable format in order to provide it to other organisations.|
|Erasure||The right to erasure of personal data where there is no legitimate reason for the University to continue to process your personal data.|
|Rectification||The right to request that any inaccurate or incomplete data that is held about you is corrected.|
|Object to processing||You can object to the processing of your personal data by the University in certain circumstances, including direct marketing material.|
|Restriction of processing concerning the data subject||
You can request the restriction of processing of personal data in specific situations where:
If you have provided consent for the processing of any of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. This can be done by contacting the department who obtained that consent or the University’s Data Protection Office (contact details below).
|The right to complain to the Data Protection Commissioner||
You have the right to make a complaint in respect of our compliance with DataProtection Law to the Office of the Data Protection Commissioner.
In order to exercise any of the above rights please contact us using the contact details set out below.
Information provided to data subjects when these rights are exercised must be transparent, understandable and easily accessible, using clear and plain language. The information should be provided in writing, or other means, including, where appropriate, electronically. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is clear or can be proven.
The six lawful reasons for processing personal data are:
- To carry out a contract
- In order for an organisation to meet a legal obligation
- Where processing the personal data is necessary to protect the vital interests of a person.
- Where processing the personal data is necessary for the performance of a task carried out in the public interest.
- In the legitimate interests of a company/organisation (except where those interests contradict or harm the interests or rights and freedoms of the individual).
The Data Protection Officer for the University is Catherine Bruen.
There is also a designated Information & Compliance Officer on each campus.
Joanne Lumley, Information & Compliance Officer, TU Dublin, Blanchardstown, D15 YV78, Ireland
Tel: +353 1 8851503
Brian Forbes, Compliance Office, TU Dublin, Grangegorman, D07H6K8, Ireland
Tel: +353 1 2205071
Cecily Giles, Information & Compliance Officer, TU Dublin, Tallaght, D24 FKT9, Ireland
Tel: +353 1 4042530
If you have any questions about the information we hold about you or to request a copy of that information, please contact us:
Data Protection Office, TU Dublin –
- By email: firstname.lastname@example.org
- In writing: The Data Protection Office, TU Dublin, Park House Grangegorman, 191 North Circular Road, Dublin D07 EWV4
- Tel: Blanchardstown +353 1 8851503, Grangegorman +353 1 2205264, Tallaght +353 4042530
Office of the DPC: