GUIDELINES ON DATA PROTECTION ACTS 1988 & 2003
The objectives of this document are:
- to give an overview of the Data Protection legislation that applies in the Republic of Ireland
- to summarise the responsibilities of staff and students within the Irish Film Academy and
- to summarise the rights of individuals under the legislation.
Further information is available at: http://www.dataprotection.ie
WHAT IS DATA PROTECTION?
Data protection addresses the safeguarding of the privacy rights of individuals in relation to the processing of their personal data. The Data Protection Acts 1988 and 2003 confer rights on individuals as well as responsibilities on those persons processing personal data.
The Irish Film School (like other Colleges, universities and government bodies etc.), collects and stores data about individuals. This is necessary for the purposes of running the operations of the Irish Film School. Organisations or individuals who control the contents and use of personal data are known as ‘Data Controllers’. The Data Protection Acts 1988 and 2003 impose obligations on Data Controllers and give rights to individuals relating to their personal data.
WHAT TYPES OF DATA ARE INCLUDED?
All personal information relating to a living individual is included under the legislation. It covers data that is held on computers as well as data that is held in manual files.
It applies to all the data that is held - for example it applies to data in emails and letters as well as to data held on master files etc.
WHAT ARE OUR RESPONSIBILITIES?
Any member of the Irish Film School community that is involved in the collection, storage or processing of such data has responsibilities under the legislation.
Examples would include people involved in the collection of data from people applying to do courses at the Irish Film School, those involved in the recruitment of staff, those involved in the processing of Alumni data etc.
- to obtain and process information fairly
- to keep it only for explicit and lawful purposes
- not to disclose it to others
- to keep it safe and secure
- to keep it accurate, complete and up-to-date
- to ensure that it is adequate, relevant and not excessive
- to retain it for no longer than is necessary for the explicit purpose
- to give a copy of the data to an individual, on request. Such a request is known as an ‘access request’.
WHAT ARE YOUR RIGHTS AS AN INDIVIDUAL?
- to have your personal information obtained and processed fairly, kept securely and not illegitimately disclosed to others
- to be informed, to know the identity of the Data Controller and for what purpose they have the information
- to obtain a copy of the personal information
- to have your personal data corrected or deleted if inaccurate
- to prevent your personal information from being used for certain purposes (for example you might want your data blocked for research purposes where it is held for other purposes)
- to have your name removed from a direct marketing list
- to stop some specific uses of your personal information
- to Employment Rights, not to be forced to disclose information to a prospective employer. No one can force you to make an access request, or reveal the results of an access request, as a condition of recruitment, employment or provision of a service. Where vetting for employment purposes is necessary, this can be facilitated where the individual gives consent to the data controller to release personal data to a third party
- to freedom from automated decision making, to have human input in the making of important decisions relating to you. Important decisions about you, for example, work performance, creditworthiness, reliability may not be made solely by automatic means e.g. by computer, unless you consent to this.
- to prevent your phone directory details from being used for direct marketing purposes.
FOR FURTHER INFORMATION:
- more information is available at: http://www.dataprotection.ie
Data Protection Policy