About WIT Headers

Documents And PoliciesData Protection

Data Protection

***This area of the website is currently under review based on GDPR regulations***

GDPR legislation will come into force on May 25th 2018

The EU General Data Protection Regulation (GDPR) comes into effect on May 25th 2018 and replaces the Data Protection Directive 95/46/EC. From this date, GDPR, in conjunction with specific Irish law, will give more rights to the individual and will place more obligations on Waterford Institute of Technology, in terms of accountability and transparency, when using and storing personal data.

There are many rights enshrined in GDPR, including the right to be informed about the way in which WIT uses, shares and stores personal information.

Waterford Institute of Technology processes personal data and  is the Data Controller, and all personal data that it holds and processes is subject to the new EU General Data Protection Regulation (GDPR).

Policies Relavent to Data Protection

WIT is in the process of reviewing and updating policies inline with GDPR. The below list of documents will be availble shortly. Please note this list is not exhaustive and additional policies will be added.


  • Data Protection Policy
  • Data Protection Procedures
  • Data Governance Policy
  • Data Handling & Clean Desk Policy
  • Data Protection Incident Response & Breach Notification Policy
  • Data Access Management Policy
  • Privileged User Policy
  • Data Retention Policy
  • Data Encryption & Data Anonymisation/Pseudonymisation Policy
  • Network Security Policy
  • Systems Development Life Cycle Policy
  • Information Security Policy
  • IT Architecture Security Management Policy 


Please see below information relating to GDPR and privacy for


Website Users including Cookie Usage




GDPR What is GDPR?

The EU General Data Protection Regulation (GDPR) is here and requires Waterford Institute of Technology to comply with all regulations. It replaces the Data Protection Directive 95/46/EC. It has been designed to standardise data protection laws within the EU and to give greater power to data subjects.

The GDPR rules & regulations apply to all individuals the Institute proceses data on.


Types of Data covered?

Any type of record created by an employee or a person acting on behalf of the organisation which contains personal data including but not limited to email, video, handwritten material, audio recordngs.

What is Personal Data?

Any information related to a person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

What It Means for WIT?

An enhancement of regulations around the current practice of data protection (see Data Protection Rules).

What Are The Main Areas of Change?

  • Consent - How consent is given/received.
  • Right to be Forgotten - Right to have information removed
  • Breach Notification - Mandatory Reporting to the Information Commissioner (72 hours)
  • Data Portability - Can information be transported easily from one organisation to another
  • Privacy by Design - Any new projects dealing with personal data must give consideration to data protection
  • Right of Access - The right to access information easily

What Is WIT Doing To Comply?

  • Raising Awareness through training & communications
  • Engaging in a review of policies, processes & privacy statements 
  • Employee Training

Where Can I Get Further Information about GDPR?


WIT, as a Data Controller, has certain key responsibilities in relation to the information which we keep on computer or in a structured manual file about individuals. These are summarised in terms of eight "Rules" which we must follow, and which are listed below:

  • Obtain and process the information fairly

  • Keep it only for one or more specified and lawful purposes

  • Process it only in ways compatible with the purposes for which it was given to you initially

  • Keep it safe and secure

  • Keep it accurate and up-to-date

  • Ensure that it is adequate, relevant and not excessive

  • Retain it no longer than is necessary for the specified purpose or purposes

  • Give a copy of his/her personal data to any individual, on request

Under Article 15 of the GDPR regulation you have a right to access information held by WIT about you. In order to receive this information you must send a request in writing either via email to dataprotection@wit.ie or to The Data Protection Officer, Room TL2.54 Tourism & Leisure Building, Waterford Institute of Technology, Waterford. You should provide any and all details which would hlep in progressing the request which might include Student/Staff ID, Company name or any other details relevaent. You should be as precise as possible as to the the data you wish to access in order to ensure material is returned within the time limits as per the new legislation (20 days). There are some limited instances where there may be an extention of the timeframe as per GDPR regulations. See here for further details.

See below details of the Data Protection Officer

Corina Power
Data Protection Officer
Room TL2.54 Tourism & Leisure Building,
Waterford Institute of Technology,
 data protection@wit.ie, +353 51 302608

 pdf  EU General Data Protection Act 


Compendium of Acts 1998 & 2003