UCD RESOURCES
Data Protection Training
- Online 'UCD Data Privacy & Security Training' - UCD provides online training for employees. More information on how to access the 'Data Privacy & Security Training' in Brightspace is available here*.
- In addition to the online training provided on Brightspace, UCD offers training and workshops face-to-face or e.g. via Zoom. Details and dates are advertised through UCD communication channels.
- UCD Privacy Talks January 2023 - GDPR Presentations* (UCD Log-on required)
UCD short guides and templates
[* These documents are available via the UCD Connect log-on]
- UCD Short Guide on collecting personal data *
- UCD Short Guide on writing privacy notices *
- UCD Short Guide on data sharing & collaborating *
- UCD Short Guide on classifying personal data *
- UCD Short Guide to retention of personal data *
- UCD Short Guide to Records of Processing Activities (ROPAs) *
- UCD Short Guide to DPIAs & Risk Assessments for Low-Risk Projects (including all relevant links and templates)*
- UCD - Balancing test / LIA (Legitimate Interest Assessment) Template*
- UCD Data Protection ‘PASSPORT’ for Research Projects - Practical tips for UCD researchers *
- HRDPN - PRACTICAL GUIDE ON DATA PROTECTION FOR HEALTH RESEARCHERS
- UCD - Data Protection Checklist for the selection and acquisition of third party (digital) tools*
- UCD - FAQs to Transfer Impact Assessments (TIAs) *
- UCD - Template for (international) Transfer Assessment (TIA) / Transfer Risk Assessment (TRA)*
- UCD Cloud Computing guidance
- UCD IT Security Cloud Security Checklist
- UCD Incident Response Flow Chart*
- UCD Personal Data Incident & Breach report Form (word)
- UCD sample template for personal data breach notification to affected individuals*
- Managing Breaches when Working Remotely* (short video)
- UCD Personal Data Protection Incident & Breach Management Guidance*
- UCD - Get the Basics Right - Simple steps to avoid data breaches *
- UCD - Get the Basics Right - Common Terminology *
- UCD - Get the Basics Right - FAQs by Schools regarding Students *
- UCD Short Guide to taking images & videos for UCD *
- Example of a UCD video/image consent form *
EXTERNAL RESOURCES
Information on data protection, its key concepts, and principles
- DPC - What is personal data?
- DPC - Principles of Data Protection
- DPC - Full Guidance on the Principles of Data Protection
- DPC - Children Front and Centre- Fundamentals for a Child-Oriented Approach to Data Processing
- EC - Ethics and data protection [in scientific research, including H2020]
- DPC - Anonymisation and pseudonymisation
- AEDP&EDPS - 10 Misunderstandings related to ANONYMISATION
- DPC - Controller-Processor Relationships
- DPC - A Practical Guide to Controller-Processor Contracts: Full Guidance Note
- EC - Standard contractual clauses between controllers and processors under Article 28(7)
- EDPB -Guidelines on the concepts of controller and processor in the GDPR
- DPC - Legal Bases Infographic
- DPC - Guidance on Legal Bases for Processing Personal Data
- DPC - Full Guidance on Legal Bases for Processing and Data Subject Rights
- ICO - What is the 'legitimate interests' basis?
- EDPB -Guidelines on Consent
- DPC - Risk based approach of GDPR
- DPC - Data protection by design and default
- EDPB -Guidelines on Data Protection by Design and by Default
- EDPS -Quick-guide to necessity and proportionality
- DPC - Guide to Data Protection Impact Assessments: Full Guidance Note
- DPC - Data Processing Operations which require a Data Protection Impact Assessment
International data transfers - personal data processed outside of the EEA
- EDPB - Guidelines on the territorial scope of the GDPR
- EDPB - Guidelines on Interplay between Article 3 and the provisions on international transfers as per Chapter V of the GDPR
- DPC - Transfers of Personal Data to Third Countries or International Organisations: Full Guidance Note
- EDPB - 2018 Guidelines on Art. 49 Derogations
- EC - Standard contractual clauses for the transfer of personal data to third countries (for GDPR Article 46)
- EDPB - Measures to supplement transfer tools to ensure compliance with the EU level of protection of personal data
- EDPB - European Essential Guarantees for surveillance measures
Data Security – providing a safe environment for personal data
- DPC - Guidance for Controllers on Data Security
- DPC - General Portable Storage Device Recommendations
- DPC - Full Guidance on General Portable Storage Device Recommendations
- DPC - Protecting Personal Data When Working Remotely
- DPC - Securing Cloud-based Environments
- DPC - Full Guidance on Five Steps to Secure Cloud-based Environments
- DPC - Full Guidance for Organisations Engaging Cloud Service Providers
- https://haveibeenpwned.com/ - check if you have an email account that has been compromised in a data breach by entering your email address into: https://haveibeenpwned.com/
- Check which third-party apps you gave permission to access your Google Drive by logging into your Google Account entering the link: https://myaccount.google.com/permissions
Personal data and Health Research - HRR
- GDPR Guidance for Health Researcher
- EC - Ethics and data protection [in scientific research, including H2020]
- HRDPN - PRACTICAL GUIDE ON DATA PROTECTION FOR HEALTH RESEARCHERS
- EDPB -Guidelines on Consent
- HSE - National Policy for Consent in Health and Social Care Research
- Health Research Regulations 2018 (HRR)
- Health Research Regulations - 2021 Amendments
- Health Research Consent Declaration Committee
- Health Research Declaration - FAQs
- Department of Health - Guidance on Information Principles for Consent
- HRCDC Decision Flow Chart for whether a declaration is required or not
- EDPB - Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR)
- EDPB - Clarifications on the consistent application of the GDPR, focusing on health research
Communication, ePrivacy Regulations and the use of cookies
- DPC - Children Front and Centre- Fundamentals for a Child-Oriented Approach to Data Processing
- EDPB - ePrivacy interplay with GDPR
- DPC - Rules for Direct Electronic Marketing
- DPC - FAQ on Consent for Electronic Direct Marketing
- DPC - Deep Dive into DPC's Cookies Sweep
- DPC - Guidance on Cookies and Similar Technologies
CCTV, Drones and Recordings
- DPC - Video Recording
- DPC - Use of Drones
- DPC - CCTV Guidance for Controllers - Full Guidance Note