The General Data Protection Regulation, or GDPR, is a new set of data protection laws enforceable across all EU member states as of the 25th May 2018. GDPR will change the way individuals and organisations handle personal data, giving individuals greater control over their personal data by setting out additional and more clearly defined rights for those whose personal data is collected and processed by units.

What is Personal Data?

Personal Data is any information relating to an identified or identifiable natural person, that is, information that can identify an individual. This includes a name, ID number, location data, postal address, browsing history, image or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

Data Protection Principles

There are some basic principles of data protection that we should all be aware of and conform to when processing personal data:

  • Collect no more data than is necessary from an individual for the purpose for which it will be used
  • Obtain personal data fairly from an individual by giving them notice of the collection and its specific purpose
  • Retain the data for no longer than is necessary for that specified purpose
  • Keep data safe and secure
  • Provide an individual with a copy of his or her personal data if that person requests it

Rights of the Individual

Under GDPR rules, individuals have significantly strengthened rights, including:

Very importantly, the University must always be fully transparent to individuals about how it is using and safeguarding personal data, including by providing this information in easily accessible, concise and clear language that is easy to understand.

GDPR & Data Security

The essence of GDPR is the security of data belonging to individuals. This includes both physical and digital forms of data. ISS provide a lot of relevant information and services to help with this. Chief among these is our IT Security Awareness Training for Staff & Students, and we would strongly recommend that all individuals affiliated with the University complete this. Given that roughly 90% of data breaches are caused by human error and behaviour, it is very important that staff and students are aware of their security obligations.

Getting Security Conscious & GDPR Compliant - What To Do?

There are a number of steps that you should take to improve your security consciousness and GDPR readiness. These include but are in no way limited to the following:

  • Keep all your own personal data private, including your Campus Account (CASS) credentials. Always question who is asking for it and why
  • Be aware of the increasing sophistication of Spam & Phishing. Learn the telltale clues of How to Spot Phishing Emails
  • Use ISS Services for Staff for all University owned data. This includes Office 365, OneDrive, File-Shares, SharePoint, and FileSender
  • When sending an email, consider the recipient list, the contents of the email and any attachments
  • Make all your passwords strong - include upper/lowercase, numbers and special characters. Never share your password. See the University Password Policy Documentation for more information
  • Enable auto-updates and auto-lock on all your devices, including your University owned Laptop / Desktop
  • Strongly consider encrypting your University Owned Laptop. See our website here for more information
  • If you use your mobile and / or tablet for University work, we strongly recommend that password protection, auto-lock, and encryption are all enabled
  • Take advantage of our IT Security Awareness Training for Staff & Students

Want To Learn More About GDPR?

If you want to learn more about GDPR, visit the Data Protection Commissioner's website for more information.

You should also visit University of Galway's Data Protection website for more information on how the University manages information in line with Data Protection Acts and GDPR and its implications for both staff and students.

GDPR Queries - Who To Contact

Please contact with any data protection queries and with any data security queries.