Skip navigation

University College Dublin Logo
SEARCH UCD

Advanced Search
 
 

UCD Data Protection

Cosaint Sonraí UCD

Data Protection Procedures

5. Rules of Data Protection
There are eight rules of Data Protection, which govern the processing of personal data. When processing personal data the following procedures apply:

  1. obtain and process the data fairly;
  2. keep only for one or more specified and lawful purposes;
  3. use and disclose only in ways compatible with the purposes for which it was initially given;
  4. keep safe and secure;
  5. keep accurate and up-to-date;
  6. ensure that it is adequate, relevant and not excessive;
  7. retain no longer than is necessary for the specified purpose or purposes;
  8. provide a copy of his/her personal data to any individual, on request.

In addition, there are special conditions that must be met before personal data may be transferred to a country outside the European Economic Area (E.U. member states and Iceland, Liechtenstein and Norway) if that country does not have an EU-approved Data Protection law. Specific provisions are in place concerning personal data transfers to the United States of America.

The above rules apply to all personal computer held data and to all personal manual data created from the 1st July 2003.

For personal manual data created before the 1st July 2003, the above rules will apply from the 24th October 2007. Until that date, the following rules will apply to personal manual data created before the 1st July 2003:

  1. provide a copy of his/her personal data to any individual on request;
  2. correct, erase, or destroy any personal data that are incomplete or inaccurate;
  3. destroy any personal data that are incompatible with the legitimate purpose for which they were collected.