Our website uses cookies to offer you a better browsing experience, analyse site traffic, personalise content, and serve targeted advertisements. Please visit our Cookie Policy page for more information about cookies and how we use them

Data Protection and GDPR

Data Protection

Some information about individuals is stored on computers and in hard copy.  This data ranges from basic contact information (eg names and email addresses) to sensitive personal information (eg date of birth, PPSN, medical information), and information relating to academic programmes (eg re interviews, assignments and assessments). 

As organisations store and process such data, the General Data Protection Regulation (GDPR).  addresses the fundamental right of every living person to control their personal information, and have it adequately protected by any group processing and holding it.  In Ireland, the GDPR is regulated by the Data Protection Commissioner (DPC). 

GDPR

The General Data Protection Regulation (GDPR) (EU) (2016/679) is an EU Regulation that came into law in 2018, and all organisations must comply with its seven principles.  The GDPR requirements for processing personal information must be carried out by all organisations operating within the EU. It also applies to organisations from jurisdictions outside the EU that offer goods and/or services to individuals in the EU.

The obligations of the GDPR apply to Data Processors, with particular responsibilities on Data Controllers, such as MIE.  They decide how and why personal information is processed. The Controller has overall responsibility for ensuring compliance with GDPR, while the Processor is an individual who acts on the Controller’s behalf and under the Controller’s instructions.

Data Protection at MIE

As MIE collects and uses personal data in compliance with Data Protection legislation, a comprehensive Data Protection programme has been initiated throughout MIE to promote a culture of best practice in Data Protection and GDPR awareness and compliance.

Anyone who gathers and processes personal data on behalf of MIEmust comply with our data management procedures to avoid breaches of data protection legislation.  Being compliant with the regulation will protect the people we work with and our reputation.  The personal data which MIE processes relates to the students, staff, and others who engage with the Institute  MIE - Data Protection Policy and Procedures.

An invaluable element of data protection implementation is our network of support and engagement across the organisation.  

A designated Data Protection Officer (DPO), who reports directly to the President,

  • assists in monitoring internal compliance with the GDPR;
  • provides advice and guidance on policy review and development;
  • oversees data protection awareness and training; and
  • delivers support and advice with regard to data protection laws and requirements.

GDPR compliance at MIE is supported by specialist data protection consultants, who

  • provide a secure online platform for all data protection matters;
  • support development of processes to promote best practice;
  • advise on data protection laws and regulations;
  • facilitate online awareness and training.

Data Champions are nominated within departments throughout MIE and have a central role in effective data protection at GDPR implementation.  Working closely with the DPO, their role is

  • to promote good data management and coordinate Data Protection compliance matters within their area of responsibility;
  • to be a point of contact for the DPO regarding Data Protection matters;
  • to identify and address organisational risks, as well as actions to mitigate and reduce future risks; and
  • to bring relevant Data Protection/GDPR to the attention of staff in their area.

The Leadership Team

  • support the development and implementation of policies and related practices and procedures;
  • act as Document Reviewers.

Heads of Department

  • raise awareness across the organisation; and
  • support awareness and training at departmental level.

The Quality Committee

  • review and develop policies and related documents.

All Staff

  • engage in mandatory eLearning data protection and GDPR awareness and training;
  • work to improve compliance throughout the organisation.

Students

  • engage in awareness and training across programmes and courses throughout MIE.

 

Awareness and training

Training and awareness for staff and students is an important element in developing and nurturing a culture of best practice in data protection at MIE.

An eLearning Data Protection and GDPR awareness and training programme is provided for staff and students.

Courses modules include

  • GDPR principles
  • legislation and regulation
  • personal data
  • sensitive personal data
  • data subject rights
  • responsibilities
  • cyber security
  • malware
  • internet acceptable use
  • information and device security
  • phishing
  • subject access requests (SARs)
  • lawfulness
  • consent
  • data breach
  • data protection/GDPR in education settings.

Guide to GDPR for Staff 

Policies and related documents

MIE’s policies and related documents are updated on a regular basis.  The following documents relate to data protection, and provide staff and students with guidance and support in order to ensure compliance in these areas.

 

Data Protection Officer (DPO)

All data protection queries should be directed to the DPO:

Eileen Jackson, Data Protection Officer, Marino Institute of Education, Griffith Avenue, Dublin 9, D09 R232.

Email: dpo@mie.ie

Telephone: 01 853 5114

 

Resources

Data Protection Commission (DPC)

Data protection information and guidance is available from the Data Protection Commission (DPC)

General Data Protection Legislation and Regulation

The most recent data protection legislation and regulation for Ireland are