
Please note that under Article 30 of the GDPR, the University is obliged to maintain a record of processing activities.

In accordance with legal requirements, the University Data Protection Policy and related procedures, each Unit must complete and review the University Records of Processing Activities template for its unit on an annual basis.

In summary, this template asks:

  • Why is your unit holding the personal data?
  • How did your unit obtain the personal data?
  • What is the legal basis for processing the personal data?
  • How long will your unit retain it?
  • How secure is it, both in terms of encryption and accessibility?
  • Does your unit ever share it with third parties and on what basis might it do so?
  • How long is your unit keeping the personal data for and why?

Please click here to complete the template for your unit through Microsoft Forms. The following guide can be used as an aid to complete the Excel template: NUIG Guide to Record of Processing Activities

If Units prefer (we do not need both, please complete either Microsoft Forms or Excel), an Excel template is available at: University of Galway Unit Data Protection Records of Processing Template. The following guide can be used as an aid to complete the Excel template: NUIG Guide to Completing Record of Processing Activities

What is a Record of Processing Activities (RoPA)?

  • Records of Processing Activities (RoPA) are documented records, in electronic form, of personal data processing activities.
  • The purpose of the RoPA is to assist members of staff, researchers and others in meeting their legal obligations when interacting with, or processing, personal data in any way for which University of Galway is ultimately responsible.

Why must we keep a RoPA?

  • The University and each unit area are legally obliged under Article 30 of the GDPR to maintain a Record of Processing Activities (“RoPA”) of personal data under their control.
  • The University is subject to significant fines from the Office of the Data Protection Commissioner if a RoPA is not maintained.

What are the benefits of maintaining a RoPA?

  • The benefit of recording what personal data a unit holds is that the more the University and each unit understand about the personal data held by a unit, the more effectively and efficiently we can protect and manage it.
  • The insights contained in a unit’s Records of Processing Activities provide the necessary foundation for protecting the personal data of our students and staff (and others).
  • It aligns with data protection requirements.
  • A RoPA identifies what personal data is held, whose personal data, why it is held, where it is held, who has access, to whom it may be transferred and under what conditions, when, and how.
  • The completion of the RoPA process also helps embed an understanding and a culture of awareness of the importance of how we treat personal data.

What must a RoPA contain?

  • The name and contact details of the personal data controller (normally for our purposes University of Galway), the controller’s representative (the named University of Galway unit) and the University Data Protection Officer.
  • The purposes of the personal data processing (for example, this could include teaching, research, HR administration, exams, etc.).
  • A description of the categories of data subjects (for example, this could include students, staff, agency workers, research participants).
  • The categories of personal data processed. This could include, for example, CVs, Garda vetting details, extenuating circumstances forms, annual leave forms, etc.
  • The categories of recipients to whom the personal data has been or will be disclosed. It is very important that we identify and document to whom we are disclosing personal data, as that is a key step in maintaining control and protection of personal data.
  • Identification of where there are transfers of personal data to a country or an international organisation outside of the EC.
  • Where there are transfers of personal data to a country or an international organisation outside of the EC, documentation of the safeguards used to protect the transfer.
  • Please see: international transfers
  • The time limits for erasure of the different categories of data (these are in the process of being identified centrally).
  • A general description of the technical and organisational security measures. These measures are largely set out in University IT Policies and Procedures, which all members of the University should familiarise themselves with. Please see: online IT security training
  • It implements sound personal data management practices across the University.

What is Personal Data?

  • “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • The definition is – deliberately – a very broad one. In principle, it covers any information that relates to an identifiable, living individual.

What is Sensitive Personal Data or Special Categories of Personal Data?

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data
  • biometric data uniquely identifying a natural person
  • data concerning health or data concerning a natural person’s sex life or sexual orientation.

Why must we protect Personal Data?

  • legal requirement
  • human right of individuals
  • promotes good information handling practices
  • protects you & the University’s reputation
  • individuals own their personal data and organisations must protect it.

What is the difference between a Data Controller and a Data Processor?

  • “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

What legislation governs Data Protection in Ireland?

The use and processing of personal data is regulated by both EU and Irish legislation:

  • Data Protection Act 2018
  • Article 40.3 of the Constitution of Ireland 1937 (Constitutional Right to Privacy)
  • The General Data Protection Regulation.