Guidance & Resources

[* These documents are available via the UCD Connect log-on to UCD Staff and Faculty members only]

• (opens in a new window)UCD Short Guide on Collecting Personal Data *
• (opens in a new window)UCD Short Guide to Pseudonymous vs Anonymous*
• (opens in a new window)UCD Short Guide on Writing Privacy Notices *
• (opens in a new window)UCD Short Guide on Data Sharing & Collaborating *
• (opens in a new window)UCD Short Guide to Concept of Controller & Processor*
• (opens in a new window)UCD Short Guide on Classifying Personal Data *
• (opens in a new window)UCD Short Guide to Retention of Personal Data *    
• (opens in a new window)UCD Short Guide to Records of Processing Activities (ROPAs) *
• (opens in a new window)UCD Short Guide to taking images & videos for UCD *

• (opens in a new window)UCD Short Guide to DPIAs & Risk Assessments for Low-Risk Projects (including all relevant links and templates)*
• (opens in a new window)UCD - Balancing test / LIA (Legitimate Interest Assessment) Template* 

• (opens in a new window)UCD Data Protection ‘PASSPORT’ for Research Projects - Practical tips for UCD researchers *
• (opens in a new window)HRDPN - PRACTICAL GUIDE ON DATA PROTECTION FOR HEALTH RESEARCHERS
• (opens in a new window)UCD Short Guide to Research Project Supervisors know-how*
• (opens in a new window)UCD Short Guide to Research Project Compliance*

• (opens in a new window)UCD - Data Protection Checklist for the selection and acquisition of third party (digital) tools* 
• Guide for Deploying Digital Solutions in UCD
• UCD Cloud Computing Guidance
• UCD IT Security Cloud Security Checklist 

• (opens in a new window)UCD Short Guide to International Data Transfers*
• (opens in a new window)UCD Short Guide to International Data Transfers - Adequacy Decision*
• (opens in a new window)UCD - FAQs to Transfer Impact Assessments (TIAs) *
• (opens in a new window)UCD - Template for (international) Transfer Assessment (TIA) / Transfer Risk Assessment (TRA)*

• (opens in a new window)UCD Incident Response Flow Chart*
• (opens in a new window)UCD Personal Data Incident & Breach report Form (word) *
• (opens in a new window)UCD sample template for personal data breach notification to affected individuals* 
• (opens in a new window)Managing Breaches when Working Remotely*(short video) 
• (opens in a new window)UCD Personal Data Protection Incident & Breach Management Guidance* 

• (opens in a new window)UCD - Get the Basics Right - Simple steps to avoid data breaches * 
• (opens in a new window)UCD - Get the Basics Right - Common Terminology * 
• (opens in a new window)UCD - Get the Basics Right - FAQs by Schools regarding Students *

• (opens in a new window)UCD Short Guide to taking images & videos for UCD *
• (opens in a new window)Example of a UCD video/image consent form *

• (opens in a new window)UCD GDPR Obligations Delegated to Schools and Units: Essential know-how for HoS & HoU

• DPC - (opens in a new window)What is personal data?
• DPC -(opens in a new window) Principles of Data Protection
• DPC - (opens in a new window)Full Guidance on the Principles of Data Protection 
• DPC - (opens in a new window)Children Front and Centre- Fundamentals for a  Child-Oriented Approach to Data Processing
• EC -   (opens in a new window)Ethics and data protection [in scientific research, including H2020]
• DPC - (opens in a new window)Anonymisation and pseudonymisation
• (opens in a new window)EDPB - Guidelines 01/2025 on Pseudonymisation (Summary)
• AEDP&EDPS - (opens in a new window)10 Misunderstandings related to ANONYMISATION
• DPC - (opens in a new window)Controller-Processor Relationships 
• DPC - (opens in a new window)A Practical Guide to Controller-Processor Contracts: Full Guidance Note
• EC -   (opens in a new window)Standard contractual clauses between controllers and processors under Article 28(7) 
• EDPB -(opens in a new window)Guidelines on the concepts of controller and processor in the GDPR
• DPC - (opens in a new window)Legal Bases Infographic
• DPC - (opens in a new window)Guidance on Legal Bases for Processing Personal Data
• DPC - (opens in a new window)Full Guidance on Legal Bases for Processing and Data Subject Rights
• EDPB -(opens in a new window)Guidelines on Consent
• DPC - (opens in a new window)Risk based approach of GDPR
• DPC - (opens in a new window)Data protection by design and default
• EDPB -(opens in a new window)Guidelines on Data Protection by Design and by Default
• EDPS -(opens in a new window)Quick-guide to necessity and proportionality
• DPC - (opens in a new window)Guide to Data Protection Impact Assessments: Full Guidance Note
• DPC - (opens in a new window)Data Processing Operations which require a Data Protection Impact Assessment

• EDPB - (opens in a new window)Guidelines on the territorial scope of the GDPR
• EDPB - (opens in a new window)Guidelines on Interplay between Article 3 and the provisions on international transfers as per Chapter V of the GDPR
• DPC  - (opens in a new window)Transfers of Personal Data to Third Countries or International Organisations: Full Guidance Note
• EDPB - (opens in a new window)2018 Guidelines on Art. 49 Derogations
• EC     - (opens in a new window)Standard contractual clauses for the transfer of personal data to third countries (for GDPR Article 46)
• EDPB - (opens in a new window)Measures to supplement transfer tools to ensure compliance with the EU level of protection of personal data
• EDPB - (opens in a new window)European Essential Guarantees for surveillance measures

• DPC - (opens in a new window)Guidance for Controllers on Data Security
• DPC - (opens in a new window)General Portable Storage Device Recommendations
• DPC - (opens in a new window)Full Guidance on General Portable Storage Device Recommendations
• DPC - (opens in a new window)Protecting Personal Data When Working Remotely
• DPC - (opens in a new window)Securing Cloud-based Environments
• DPC -(opens in a new window) Full Guidance on Five Steps to Secure Cloud-based Environments
• DPC -(opens in a new window) (opens in a new window)Full Guidance for Organisations Engaging Cloud Service Providers 
• (opens in a new window)https://haveibeenpwned.com/- check if you have an email account that has been compromised in a data breach by entering your email address into: (opens in a new window)https://haveibeenpwned.com/
• Check which third-party apps you gave permission to access your Google Drive by logging into your Google Account entering the link: https://myaccount.google.com/permissions 

• (opens in a new window)GDPR Guidance for Health Researcher
• (opens in a new window)European Commission's Ethics and Data Protection Decision Tree
• EC -   (opens in a new window)Ethics and data protection [in scientific research, including H2020]
• (opens in a new window)HRDPN - PRACTICAL GUIDE ON DATA PROTECTION FOR HEALTH RESEARCHERS
• EDPB(opens in a new window)Guidelines on Consent
• (opens in a new window)HSE - National Policy for Consent in Health and Social Care Research
• HRR - (opens in a new window)S.I. No. 314/2018 - Data Protection Act 2018 (Section 36(2)) (Health Research) Regulations 2018
• (opens in a new window)Health Research Regulations - 2021 Amendments
  • (opens in a new window)#1 Guidance on Explicit Consent Amendment
  • (opens in a new window)#2 Guidance on Pre-screening Amendments 
  • (opens in a new window)#3 Guidance on Retrospective Chart Review Amendments 
  • (opens in a new window)#4 Guidance on Deferred Consent Amendments 
  • (opens in a new window)#5 Guidance on Informed Consent under EU Directive Amendments Health Research Declaration - FAQs
• (opens in a new window)Health Research Consent Declaration Committee
• (opens in a new window)Health Research Declaration - FAQs
• (opens in a new window)Department of Health - Guidance on Information Principles for Consent
• (opens in a new window)HRCDC Decision Flow Chart for whether a declaration is required or not
• (opens in a new window)EDPB - Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR)
• (opens in a new window)EDPB - Clarifications on the consistent application of the GDPR, focusing on health research
• (opens in a new window)AI Act enters into force
• (opens in a new window)AI Act 

• DPC - (opens in a new window)Children Front and Centre- Fundamentals for a  Child-Oriented Approach to Data Processing
• EDPB - (opens in a new window)ePrivacy interplay with GDPR
• DPC - (opens in a new window)Rules for Direct Electronic Marketing
• DPC - (opens in a new window)FAQ on Consent for Electronic Direct Marketing
• DPC - (opens in a new window)Deep Dive into DPC's Cookies Sweep
• DPC - (opens in a new window)Guidance on Cookies and Similar Technologies