student walking on Blanchardstown Campus

Data Protection

TU Dublin holds and processes personal data about many different types of people such as its current, past or prospective employees, applicants, students, alumni, suppliers, contractors, members of the public, etc. The University processes this personal data to carry out its business and administrative functions and to comply with statutory requirements. This personal data is subject to data protection legislation.

Introduction to GDPR

Effective from 25th May 2018, the GDPR brings new and enhanced rights for individuals whose data is processed in TU Dublin.  Individuals are referred to as 'data subjects'.

The GDPR places obligations on TU Dublin and the way it handles personal data. In turn, the staff and students of the University have responsibilities to ensure personal data is processed fairly, lawfully and securely. This means that personal data should only be processed if we have a valid condition of processing (lawful purpose) and we have provided information to the individuals concerned about how and why we are processing their information (e.g. a privacy notice). There are restrictions on what we are allowed to do with personal data such as passing personal information on to third parties, transferring information outside the EU or using it for direct marketing.

Personal Data and Data Protection

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. 

Compliance with GDPR and failure to comply: Comprehensive, business specific documentation, both internal and external, about how personal data are collected, processed, and stored by an organisation, in a GDPR compliant manner, demonstrate that this organisation takes GDPR seriously. 

Under GDPR failure to comply with data protection legislation can have very serious consequences. Apart from damage to an organisation's reputation, substantial fines can apply. In addition to fines levied by the Data Protection Commission, under GDPR an individual, i.e. a data subject, has the right to take legal actions against an organisation that fails to comply with GDPR. The data subject can claim financial compensation, including compensation for non-material damages. 

Visit the Data Protection Commission website to read more on GDPR 

Click on any of the headings below to view more information:

Individuals have the right to know what TU Dublin does with their personal data. This information is provided in data protection notices

Data Protection Notice Students

Data Protection Notice Staff

Privacy Statement for Student Health Centres

Data Protection Notice for Recruitment Candidates

HEA Data Collection Notice

Website Cookies & Privacy Statement

TU Dublin is committed to protecting the rights and freedoms of individuals with respect to the processing of their personal data. In developing policies, the University aims to comply fully with its responsibilities under GDPR.

The GDPR sets out key principles which lie at the heart of the general data protection regime -

  • Lawfulness, fairness, and transparency
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality
  • Accountability 

Further information on the Principles of Data Protection can be found of the website of the Data Protection Commissioner

Office of the DPC:

Individuals have a number of specific rights under data protection law to keep them informed and in control of the processing of their personal data.

What are your rights under Data Protection Law?

You have the following rights, subject to certain exemptions, in relation to your personal data:

Information The right to be informed about the data processing the University does.
Access The right to receive a copy of and/or access the personal data that the University holds about you.
Portability You have the right to request that the University provides some elements of your personal data in a commonly used machine readable format in order to provide it to other organisations.
Erasure The right to erasure of personal data where there is no legitimate reason for the University to continue to process your personal data.
Rectification The right to request that any inaccurate or incomplete data that is held about you is corrected.
Object to processing You can object to the processing of your personal data by the University in certain circumstances, including direct marketing material.
Restriction of processing concerning the data subject

You can request the restriction of processing of personal data in specific situations where:

  1. You contest the accuracy of the personal data
  2. You oppose the erasure of the personal data and request restriction instead
  3. Where the University no longer needs the data but are required by you for the establishment, exercise or defence of legal claims
Withdraw Consent

If you have provided consent for the processing of any of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. This can be done by contacting the department who obtained that consent or the University’s Data Protection Office (contact details below).

The right to complain to the Data Protection Commissioner

You have the right to make a complaint in respect of our compliance with Data

Protection Law to the Office of the Data Protection Commissioner.

In order to exercise any of the above rights please contact us using the contact details set out below.

Information provided to data subjects when these rights are exercised must be transparent, understandable and easily accessible, using clear and plain language. The information should be provided in writing, or other means, including, where appropriate, electronically. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is clear or can be proven.

The six lawful reasons for processing personal data are:

  1. Consent
  2. To carry out a contract
  3. In order for an organisation to meet a legal obligation
  4. Where processing the personal data is necessary to protect the vital interests of a person.
  5. Where processing the personal data is necessary for the performance of a task carried out in the public interest.
  6. In the legitimate interests of a company/organisation (except where those interests contradict or harm the interests or rights and freedoms of the individual).


The Data Protection Officer for the University is Bronagh Elliott.

Data Controller

If you have any questions about the information we hold about you or to request a copy of that information, please contact us:

Information Governance Office, TU Dublin –

  • By email:
  • In writing: Information Governance Office, TU Dublin, Blanchardstown Campus, Blanchardstown Rd N, Blanchardstown, Dublin, D15 YV78
  • Tel: +353 1 220 7225, +353 1 220 7453, +353 1 2205264, +353 1 220 5243 

Office of the DPC: