Guidance & Resources

UCD RESOURCES

Data Protection Training

• Online 'UCD Data Privacy & Security Training' - UCD provides online training for employees. More information on how to access the 'Data Privacy & Security Training' in Brightspace is available here*.
• In addition to the online training provided on Brightspace, UCD offers training and workshops face-to-face or e.g. via Zoom. Details and dates are advertised through UCD communication channels. 
• UCD Privacy Talks January 2023 - GDPR Presentations* (UCD Log-on required)

UCD short guides and templates

[* These documents are available via the UCD Connect log-on]

• UCD Short Guide on collecting personal data *
• UCD Short Guide on writing privacy notices *
• UCD Short Guide on data sharing & collaborating *
• UCD Short Guide on classifying personal data *
• UCD Short Guide to retention of personal data *    
• UCD Short Guide to Records of Processing Activities (ROPAs) *
• UCD Short Guide to DPIAs & Risk Assessments for Low-Risk Projects (including all relevant links and templates)*
• UCD - Balancing test / LIA (Legitimate Interest Assessment) Template* 
• UCD Data Protection ‘PASSPORT’ for Research Projects - Practical tips for UCD researchers *
• HRDPN - PRACTICAL GUIDE ON DATA PROTECTION FOR HEALTH RESEARCHERS
• UCD - Data Protection Checklist for the selection and acquisition of third party (digital) tools* 
• UCD - FAQs to Transfer Impact Assessments (TIAs) *
• UCD - Template for (international) Transfer Assessment (TIA) / Transfer Risk Assessment (TRA)*
• UCD Cloud Computing guidance 
• UCD IT Security Cloud Security Checklist 
• UCD Incident Response Flow Chart*
• UCD Personal Data Incident & Breach report Form (word) 
• UCD sample template for personal data breach notification to affected individuals* 
• Managing Breaches when Working Remotely* (short video) 
• UCD Personal Data Protection Incident & Breach Management Guidance* 
• UCD - Get the Basics Right - Simple steps to avoid data breaches * 
• UCD - Get the Basics Right - Common Terminology * 
• UCD - Get the Basics Right - FAQs by Schools regarding Students *
• UCD - Privacy tips for virtual meetings involving student or staff data *
• UCD Short Guide to taking images & videos for UCD *
• Example of a UCD video/image consent form *

EXTERNAL RESOURCES

Information on data protection, its key concepts, and principles

• DPC - What is personal data?
• DPC - Principles of Data Protection
• DPC - Full Guidance on the Principles of Data Protection 
• DPC - Children Front and Centre- Fundamentals for a  Child-Oriented Approach to Data Processing
• EC -   Ethics and data protection [in scientific research, including H2020]
• DPC - Anonymisation and pseudonymisation
• AEDP&EDPS - 10 Misunderstandings related to ANONYMISATION
• DPC - Controller-Processor Relationships 
• DPC - A Practical Guide to Controller-Processor Contracts: Full Guidance Note
• EC -   Standard contractual clauses between controllers and processors under Article 28(7) 
• EDPB -Guidelines on the concepts of controller and processor in the GDPR
• DPC - Legal Bases Infographic
• DPC - Guidance on Legal Bases for Processing Personal Data
• DPC - Full Guidance on Legal Bases for Processing and Data Subject Rights
• ICO - What is the 'legitimate interests' basis?
• EDPB -Guidelines on Consent
• DPC - Risk based approach of GDPR
• DPC - Data protection by design and default
• EDPB -Guidelines on Data Protection by Design and by Default
• EDPS -Quick-guide to necessity and proportionality
• DPC - Guide to Data Protection Impact Assessments: Full Guidance Note
• DPC - Data Processing Operations which require a Data Protection Impact Assessment

International data transfers - personal data processed outside of the EEA

• EDPB - Guidelines on the territorial scope of the GDPR
• EDPB - Guidelines on Interplay between Article 3 and the provisions on international transfers as per Chapter V of the GDPR
• DPC  - Transfers of Personal Data to Third Countries or International Organisations: Full Guidance Note
• EDPB - 2018 Guidelines on Art. 49 Derogations
• EC     - Standard contractual clauses for the transfer of personal data to third countries (for GDPR Article 46)
• EDPB - Measures to supplement transfer tools to ensure compliance with the EU level of protection of personal data
• EDPB - European Essential Guarantees for surveillance measures

Data Security – providing a safe environment for personal data  

• DPC - Guidance for Controllers on Data Security
• DPC - General Portable Storage Device Recommendations
• DPC - Full Guidance on General Portable Storage Device Recommendations
• DPC - Protecting Personal Data When Working Remotely
• DPC - Securing Cloud-based Environments
• DPC - Full Guidance on Five Steps to Secure Cloud-based Environments
• DPC - Full Guidance for Organisations Engaging Cloud Service Providers 
• https://haveibeenpwned.com/ - check if you have an email account that has been compromised in a data breach by entering your email address into:  https://haveibeenpwned.com/
• Check which third-party apps you gave permission to access your Google Drive by logging into your Google Account entering the link:  https://myaccount.google.com/permissions 

Personal data and Health Research - HRR

• GDPR Guidance for Health Researcher
• EC -   Ethics and data protection [in scientific research, including H2020]
• HRDPN - PRACTICAL GUIDE ON DATA PROTECTION FOR HEALTH RESEARCHERS
• EDPB -Guidelines on Consent
• HSE - National Policy for Consent in Health and Social Care Research
• Health Research Regulations 2018 (HRR)
• Health Research Regulations - 2021 Amendments
  • #1 Guidance on Explicit Consent Amendment
  • #2 Guidance on Pre-screening Amendments 
  • #3 Guidance on Retrospective Chart Review Amendments 
  • #4 Guidance on Deferred Consent Amendments 
  • #5 Guidance on Informed Consent under EU Directive Amendments 
  • #6 Guidance on Appeals and Technical Amendments 
• Health Research Consent Declaration Committee
• Health Research Declaration - FAQs
• Department of Health - Guidance on Information Principles for Consent
• HRCDC Decision Flow Chart for whether a declaration is required or not
• EDPB - Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR)
• EDPB - Clarifications on the consistent application of the GDPR, focusing on health research
•  

Communication, ePrivacy Regulations and the use of cookies

• DPC - Children Front and Centre- Fundamentals for a  Child-Oriented Approach to Data Processing
• EDPB - ePrivacy interplay with GDPR
• DPC - Rules for Direct Electronic Marketing
• DPC - FAQ on Consent for Electronic Direct Marketing
• DPC - Deep Dive into DPC's Cookies Sweep
• DPC - Guidance on Cookies and Similar Technologies

CCTV, Drones and Recordings

• DPC - Video Recording
• DPC - Use of Drones
• DPC - CCTV Guidance for Controllers - Full Guidance Note