Returning to Campus Hub

Please click for latest updates on Semester 1, September 2021.

Learn More

Guidelines for employees

When collecting and recording personal data

  • Don’t collect personal data unless you require it
  • Collect the minimum amount possible of personal data
  • Ensure that you can justify the need for each piece of data you collect
  • Design forms to collect the minimum amount of personal data which is necessary
  • Don’t alter personal data recorded by a colleague, except for straightforward factual updates
  • Ask permission before taking a photograph of a person. Ensure that you have consent to use a photograph on social media or elsewhere
  • Consider data protection at an early stage in a new project
  • Carry out periodic audits on data accuracy
  • Don’t use sign-in books/sheets in a way that individuals can see each other’s data
  • Personal data is not to be posted on public noticeboards
  • Make requested updates to personal data promptly
  • When recording personal data, check back with the data subject that what you have recorded is accurate
  • Inform data subjects that our Privacy Notices are available on the College website
  • Create backups of important records

When disclosing personal data

  • Double check that you are sending emails to the correct recipient
  • Send group emails via ‘bcc’ where it is not appropriate that recipients see each other’s email address or know each other’s identity
  • Only share personal data with colleagues who require it
  • Explain to parents/guardians and family members that the College only releases learner personal data with the learner’s consent, except in limited circumstances
  • Student ID numbers constitute personal data as they linkable to an individual. They cannot be used to pseudonymise/anonymise information about learners
  • Password-protect attachments containing personal or confidential data
  • Don’t share personal data or other confidential information acquired through your official duties on social media

When storing personal data

  • Create and save personal data and other records in official College systems and accounts
  • If you need to use a personal device or account, also save the record to College systems
  • Pseudonymise or anonymise personal data when no longer necessary to identify individuals
  • Don’t use removable storage devices unless necessary. Password-protect files on such devices


When accessing personal data

  • Only view personal data which you are authorised to view
  • If you propose to use personal data for a ‘new’ purpose, contact the Data Protection Officer in advance


When disposing of personal data

  • Dispose of personal data and other business records in a confidential manner. Shred them. Records are not to be disposed of in wastepaper and recycling bins
  • Abide by the time periods outlined in records retention schedules when disposing of records
  • Remember that some records are designated archival, which means that they are kept on an ongoing basis. Keep these records safe and secure; transfer them to the Delany Archive
  • Ensure that you have written authorisation to dispose of records
  • Return hardware to IT Services for safe deletion of data

Personal data breaches

  • Notify the Data Protection Officer immediately of any incident where personal data has been placed at risk or if you suspect a potential or actual personal data breach. If you are unable to contact the Data Protection Officer, contact the Office of the President, Director of Operations or your line manager


Keeping data secure

  • Employees have a duty of confidentiality with respect to personal data and other official records
  • Ensure that your screen is not viewable from a public area
  • Lock your office when unattended
  • Lock your screen when you leave your office
  • Don’t leave unauthorised persons alone with personal data
  • Keep paper records in a locked storage unit
  • Don’t remove records from the College premises unless necessary
  • Don’t leave records on view or overnight in your car
  • Assignments and examination scripts are not to be corrected in a public place
  • Don’t print unnecessary paper copies of personal data and other records
  • Make passwords difficult to guess
  • Don’t share passwords
  • Don’t use the same password for multiple accounts
  • Don’t save personal data or other confidential records to shared devices


If you receive a data protection request

  • Send it to the Data Protection Officer without delay

New colleagues

  • Appoint a ‘buddy’ to new employees to explain procedures for handling personal data and other records
  • Work experience volunteers should have limited or no access to personal data and other confidential records


Sharing personal data with external companies / organisations

  • We are obliged to have a GDPR-compliant contact when engaging external companies (processors). Contact the Data Protection Officer prior to agreeing a contract
  • Ensure that you abide by the terms of any data sharing agreement or contract that is in place


International data transfers

  • If you need to send personal outside the European Economic Area, contact the Data Protection Officer in advance
Skip to content