IT Carlow Data Protection Policy

A new law around the protection of Personal Data, the General Data Protection Regulation (GDPR) came into force across Europe on 25th May 2018.

Privacy Notice

This section provides detail on how Institute of Technology Carlow deals with your personal and sensitive personal data.
Personal data, both automated and manual, are data relating to a living individual that is or can be identified, either from the data or from the data in conjunction with other information. Some personal data, i.e. those relating to specific categories like a person’s racial origin; political opinion or religion or other beliefs; physical or mental health; sexual life; criminal convictions or the alleged commission of an offence; trade union membership; are classed as sensitive personal data and offer data subject additional protection rights.
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The General Data Protection Regulations confer rights on individuals as well as responsibilities on those persons processing personal data.
Accountability and responsibility for complying with Data Protection: As an organisation, Institute of Technology Carlow needs to collect and use personal data (information) about its staff, students and other individuals, who come into contact with the Institute. The purposes of processing data include inter alia the organisation and administration of courses, examinations, research activities, the recruitment and payment of staff, compliance with statutory obligations.
Institute of Technology Carlow, when it acts as the Data Controller of personal data, has overall responsibility for ensuring compliance with Data Protection legislation. However, all employees and students of Institute of Technology Carlow, who separately collect and/or control the content and use of personal data are individually responsible for compliance with the legislation.

Data Protection Privacy Notice for Students »
Data Protection Privacy Notice for Staff »

Data Collection Notice

Please note that your data will be shared with the Higher Education Authority for funding allocation, statistical analysis and policy formulation purposes. The data shared includes personal data such as name, address, Eircode, PPSN, grant status and CAO data. By registering as a student at Institute of Technology Carlow, you are agreeing to your data being shared with the Higher Education Authority. Full details of what data is shared and how this data is used are contained in the HEA Notice link below.
If you wish to object to the processing of your personal data in this manner, or if you have any queries in relation to the processing of your personal data generally, please contact the HEA Data Protection Officer at
Alternatively you can email the Institute’s Data Protection Oversight Group at

HEA Notice »

Data Protection Policy

The Institute’s commitment to protecting the rights and privacy of the data subject are outlined at the following link. 
Data Protection Policy »

Records Management

Details on the Institute’s Records Management and Retention Schedule can be found on the Institute’s website here »

Subject Access Requests

The procedure for submitting and processing Subject Access Requests can be found here - SAR Procedure »

Data subjects must complete the official Subject Access Request form when exercising their rights for access to their personal data. 
SAR Request Form »

Data Breach

Any individual who accesses, uses or manages personal data is responsible for reporting data breach incidents to the Data Protection Oversight Group (e-mail and their Head of Function as soon as it is detected. The urgency of reporting a breach, or suspected breach, to the Institute is due to a regulatory requirement of 72 hours to the Data Protection Commissioner.

Institute of Technology Carlow Data Protection Incident Response and Breach Notification Policy »

Incident Response and Breach Notification Form »

Data Handling

Data Handling Clean Desk Policy

National Forum for the Enhancement of Teaching and Leaning in Higher Education 

This Forum Insight serves as a quick guide to some of the legal obligations arising from the EU’s General Data Protection Regulation (GDPR), the data protection legislation that becomes enforceable across the EU from 25 May 2018.  NF GDPR Insight

What GDPR means for staff at IT Carlow

An overview of IT Carlow staff responsibilities in relation to GDPR GDPR Presentation to staff Sept 2018

Further Information

Any further queries in relation to the GDPR or Data Protection can be addressed to the Institute’s Data Protection Oversight Group (e-mail