Privacy by Design
Privacy by Design means that the University needs to consider privacy at the initial design stages and throughout the complete development process of new products, processes or services that involve processing personal data.
Privacy by Default means that when a system or service includes choices for the individual on how much personal data they share with others, the default settings should be the most privacy friendly ones. This means the University needs to integrate data protection into our processing activities and business practices, from the design stage right through the lifecycle.
Articles 25(1) and 25(2) of the GDPR outline our obligations concerning data protection by design and by default.
Article 25(1) specifies the requirements for data protection by design: ‘Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.’
Article 25(2) specifies the requirements for data protection by default: ‘The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.’
Article 25(3) states that if University of Galway adheres to an approved certification under Article 42, University of Galway can use this as one way of demonstrating our compliance with these requirements.
University of Galway must put in place appropriate technical and organisational measures designed to implement the data protection principles and safeguard individual rights.
The key is that University of Galway considers data protection issues from the start of any processing activity and adopts appropriate policies and measures that meet the requirements of data protection by design and by default.
How do data protection by design and by default link to data protection impact assessments (DPIAs)?
A DPIA is a tool that University of Galway can use to identify and reduce the data protection risks of our processing activities. DPIAs can also help us to design more efficient and effective processes for handling personal data. DPIAs are an integral part of data protection by design and by default. For example, they can determine the type of technical and organisational measures University of Galway needs to apply in order to ensure our processing complies with the data protection principles. However, a DPIA is only required in certain circumstances, such as where the processing is likely to result in a risk to rights and freedoms, though it is good practice to undertake a DPIA anyway. In contrast, data protection by design is a broader concept, as it applies from an organisational point of view and requires University of Galway to take certain considerations into account even before it decides whether our processing is likely to result in a high risk.
Some examples of how University of Galway can do this include:
- minimising the processing of personal data;
- pseudonymising personal data as soon as possible;
- ensuring transparency in respect of the functions and processing of personal data;
- enabling individuals to monitor the processing; and
- creating (and improving) security features.
Checklist for University of Galway Units to consider:
- University of Galway considers data protection issues as part of the design and implementation of systems, services, products and business practices.
- University of Galway makes data protection an essential component of the core functionality of our processing systems and services.
- University of Galway anticipates risks and privacy-invasive events before they occur and takes steps to prevent harm to individuals.
- University of Galway only processes the personal data that it needs for its purpose(s), and only uses the data for those purposes.
- University of Galway ensures that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
- University of Galway provides the identity and contact information of those responsible for data protection both within our organisation and to individuals.
- University of Galway adopts a ‘plain language’ policy for any public documents so that individuals easily understand what University of Galway is doing with their personal data.
- University of Galway provides individuals with tools so they can determine how University of Galway is using their personal data, and whether our policies are being properly enforced.
- University of Galway offers strong privacy defaults, user-friendly options and controls, and respects user preferences.
- University of Galway only uses data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
- When University of Galway uses other systems, services or products in our processing activities, it makes sure that it only uses those whose designers and manufacturers take data protection issues into account.