Skip navigation

University College Dublin Logo

Advanced Search

UCD Data Protection

Cosaint Sonraí UCD

Data Protection Procedures

These pages are currently under review in line with new GDPR regulations

Confidentiality Guidelines

Guidelines for authorised personnel in relation to the processing of personal data held on UCD administrative

The purpose of these guidelines is to enable the university to comply with the terms of the Data Protection Acts, 1988
and 2003, which lay down strict rules governing the protection of individuals with regard to the processing of personal
data. Under the terms of the legislation

personal data is
“data relating to a living individual who is or can be identified either from the data or from the data in conjunction with
other information that is in, or is likely to come into, the possession of the data controller [UCD]”, and

processing is
“performing any operation or set of operations on the information or data, whether or not by automatic means, including

a) obtaining, recording or keeping the information, or
b) collecting, recording, organising, storing, altering or adapting the information or data,
c) retrieving, consulting or using the information or data,
d) disclosing the information or data by transmitting, disseminating or otherwise.”

The following guidelines must be strictly adhered to when processing personal data contained in any administrative

1. Security

a. Do not disclose your password to any other member of staff or individual; all staff members who need access, including temporary staff, should use their own login;

b. Do not disclose or discuss with any other member of staff or individual any personal data contained in any application other than those members of staff who require the information for administrative/educational purposes;

c. If it is necessary to print down personal data from an application, shred it when you are finished with it;

d. If it is necessary to hold a printout of personal data for a period of time, lock it away securely when not working on it and destroy by shredding as soon as possible;

e. When working at your desk, make sure screens displaying personal data are not visible to unauthorised persons, and close down applications or lock your workstation when leaving your desk, even temporarily;

f. If it is necessary to save data from an Administration System in another application on your PC, such as Excel, delete the file as soon as you have finished with it.

g. Do not save personal data onto your laptop or remove any personal data outside the university.

2. Accuracy

a. With regard to Business Objects reports, refresh each report on each new occasion of use.

b. Notify immediately if you notice or become aware of any incorrect data on any system.

Important: The above guidelines apply equally to Business Objects reports containing personal data AND to personal data saved from any of the three administrative systems into another application, such as Excel.