Personal Data

<< GDPR@compsi

Examples of categories of personal data that may exist within a university include, but are not limited to:

  • Personnel files (paper or electronic) containing names, CVs, references, staff request forms, copies of employment contracts, PPS numbers, passport photos, contact details, salary, qualifications, contract status, contract start/end dates etc
  • Bank account details (e.g. Wages Payment Form)
  • Expense claims
  • Online identifiers (such as an IP address)
  • Location data
  • Documentation relating to the Garda National Immigration Bureau
  • Reports to funders with details of staff member’s qualifications, rates of pay, contract duration etc
  • Medical certs / Doctor sick notes
  • Annual leave records
  • Sabbatical leave records
  • CCTV images / Video capture images / Voice recordings
  • Records of license plate numbers
  • Researcher Hosting Agreements
  • Continuing professional development records
  • Research student stipend documentation
  • Research student forms
  • Scholarship Application Forms
  • Analysis of staff workload records
  • Staff / student performance review documentation
  • Questionnaires obtained from research subjects (paper/on-line)
  • Research subject consent forms
  • Contact lists or mailing lists for students, research subjects and research partners 
  • Student exam results / broadsheets
  • Student Module exemptions
  • CV’s of tutors
  • Plagiarism notifications and related documentation
  • Correspondence with students
  • Postponement / deferral documentation / Extenuating circumstances forms for students
  • References for staff / students
  • Feedback forms
  • Assignment results
  • Garda Vetting documentation for students and members of staff
  • Job offer notices
  • Travel grant application forms
  • Exam validation reports for all students per modules
  • Clinical files relating to students
  • Clinical files relating to research participants
  • Recordings taken using mobile or personal cameras e.g. ‘Lifelogging’.
  • Profiles of researchers / students / other individuals held in any format
  • Micro-Teaching digital recordings and any related material (i.e. Parental Consent Forms)
  • Customer credit card or ATM card details
  • Bank details of suppliers who are individuals (i.e. not legal entities such as companies, trusts)
  • Alumni details
  • Agent details (contact addresses, bank account details etc.)


Some personal data, called sensitive personal data, require a higher degree of control and security.

Sensitive personal data are defined in the Data Protection Acts as any personal data as to: 

  • Racial or ethnic origin
  • Political opinions or the religious or philosophical beliefs of the data subject
  • Membership of a trade union
  • Physical or mental health conditions 
  • Sexual life of the data subject
  • Commission or alleged commission of any offence by the data subject
  • Any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings

The Data Protection Acts require additional conditions to be met for the processing of such data to be legitimate.  Usually this will be the explicit consent of the person about whom the data relates.

Examples of sensitive data include but are not limited to: bio-metric data, genetic data, political, religious, trade-union views, sex life, health data, racial or ethnic origin, offences, convictions, security measures.  

<< GDPR@compsi