***This area of the website is currently under review based on GDPR regulations***
GDPR legislation will come into force on May 25th 2018
The EU General Data Protection Regulation (GDPR) comes into effect on May 25th 2018 and replaces the Data Protection Directive 95/46/EC. From this date, GDPR, in conjunction with specific Irish law, will give more rights to the individual and will place more obligations on Waterford Institute of Technology, in terms of accountability and transparency, when using and storing personal data.
There are many rights enshrined in GDPR, including the right to be informed about the way in which WIT uses, shares and stores personal information.
Waterford Institute of Technology processes personal data and is the Data Controller, and all personal data that it holds and processes is subject to the new EU General Data Protection Regulation (GDPR).
Policies Relavent to Data Protection
WIT is in the process of reviewing and updating policies inline with GDPR. The below list of documents will be availble shortly. Please note this list is not exhaustive and additional policies will be added.
Please see below information relating to GDPR and privacy for
What is GDPR?
The EU General Data Protection Regulation (GDPR) is here and requires Waterford Institute of Technology to comply with all regulations. It replaces the Data Protection Directive 95/46/EC. It has been designed to standardise data protection laws within the EU and to give greater power to data subjects.
The GDPR rules & regulations apply to all individuals the Institute proceses data on.
Types of Data covered?
Any type of record created by an employee or a person acting on behalf of the organisation which contains personal data including but not limited to email, video, handwritten material, audio recordngs.
What is Personal Data?
Any information related to a person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
What It Means for WIT?
An enhancement of regulations around the current practice of data protection (see Data Protection Rules).
What Are The Main Areas of Change?
- Consent - How consent is given/received.
- Right to be Forgotten - Right to have information removed
- Breach Notification - Mandatory Reporting to the Information Commissioner (72 hours)
- Data Portability - Can information be transported easily from one organisation to another
- Privacy by Design - Any new projects dealing with personal data must give consideration to data protection
- Right of Access - The right to access information easily
What Is WIT Doing To Comply?
- Raising Awareness through training & communications
- Engaging in a review of policies, processes & privacy statements
- Employee Training
Where Can I Get Further Information about GDPR?
WIT, as a Data Controller, has certain key responsibilities in relation to the information which we keep on computer or in a structured manual file about individuals. These are summarised in terms of eight "Rules" which we must follow, and which are listed below:
Obtain and process the information fairly
Keep it only for one or more specified and lawful purposes
Process it only in ways compatible with the purposes for which it was given to you initially
Keep it safe and secure
Keep it accurate and up-to-date
Ensure that it is adequate, relevant and not excessive
Retain it no longer than is necessary for the specified purpose or purposes
Give a copy of his/her personal data to any individual, on request
Under Article 15 of the GDPR regulation you have a right to access information held by WIT about you. In order to receive this information you must send a request in writing either via email to firstname.lastname@example.org or to The Data Protection Officer, Room TL2.54 Tourism & Leisure Building, Waterford Institute of Technology, Waterford. You should provide any and all details which would hlep in progressing the request which might include Student/Staff ID, Company name or any other details relevaent. You should be as precise as possible as to the the data you wish to access in order to ensure material is returned within the time limits as per the new legislation (20 days). There are some limited instances where there may be an extention of the timeframe as per GDPR regulations. See here for further details.
See below details of the Data Protection Officer
Compendium of Acts 1998 & 2003