Data Protection
Data Protection and the General Data Protection Regulation (GDPR)
Introduction
On the 25th May 2018, the General Data Protection Regulation (GDPR) came into effect. In Ireland, GDPR has been given legislative effect in the new Data Protection Act 2018.
This new legislation updates the current law in relation to data protection and seeks to strengthen and unify data protection for all individuals within the European Union including Ireland. It grants new and enhanced rights for all individuals in relation to their own personal information. An individual about whom data is held by an organisation is referred to as a data subject.
Mayo, Sligo and Leitrim Education & Training Board (MSLETB) is the state education and training authority for the Mayo, Sligo and Leitrim region established by the Education and Training Boards Act 2013.
To fulfil its statutory obligations MSLETB gathers, stores and processes large amounts of data on a variety of data subjects. This would include students, learners, staff, third parties and members of the public. This personal data can range from some personal details and CCTV footage to financial transactions. Personal data is any data that permits an individual to be identified.
MSLETB is committed to a policy of protecting the rights and freedoms of individuals with respect to the processing of their personal data.
The Data Protection regulations and legislation require the staff of MSLETB to process data fairly and to ensure the security of that data
MSLETB is required to:
- explain why personal data is being gathered
- outline the purpose for which it will be used
- only gather the minimum amount of data necessary
- inform persons whether MSLETB will share data with anyone else
- only keep data for as long as it is needed
- protect data from loss or theft
- keep data accurate and up to date
GDPR places restrictions on what MSLETB is allowed to do with personal data such as passing personal information on to third parties, transferring information outside the EU or using it for direct marketing.
GDPR also provides individuals with important rights.
GDPR therefore:
- reinforces the right of a person to ask for a copy of all personal data held relating to them personally
- gives a right to object to direct marketing practices,
- allows a person to ask for inaccuracies in their personal data to be corrected,
- give a right to data portability,
- in certain cases, it allows for personal data to be erased,
- gives the right to seek compensation through the courts where privacy rights have been infringed.
Also under the new legislation the digital age of consent has been set at 16. This means that social media and other online companies will need parental consent where they wish to use the personal data of a child under the age of 16 for marketing purposes or for creating personality profiles.
MSLETB has developed a range of policies that must be adhered to in order to comply with GDPR:
- Students
- Parents/Guardians of students under 18 years of age
- Adult Learners
Click here to view information on how we collect and use your personal data.
- Staff
- Board Members
- Committee Members
- Volunteers
Click here to view information on how we collect and use your personal data.
- Clients of Adult Educational Guidance Services
Click here to view information on how we collect and use your personal data
- Data Protection Policy
Data Breach:
In the event of a Personal Data Breach, the Data Protection Officer should be contacted immediately.
The interim Data Protection Officer (DPO) is Mary McDonald who can be contacted on 086 787 1455 or 094 9024188.
Please also consult our Data Breach Protocol for further guidance.
Data Access Requests:
If you wish to make a Data Access Request, please complete the Data Access Request Form.
The Rights of a Data Subject under the General Data Protection Legislation
A Data Subject has the following rights under Data Protection Legislation which can be exercised at any time:
- Right of access
- Right to Rectification
- Right to be forgotten
- Right to restrict processing
- Right to data portability
- Right to object and to object to automated decision making /profiling
- Right to complain to the Supervisory Authority
For further information please consult our Data Protection Policy or contact our Data Protection Officer.
Policies and Procedures
- MSLETB Adult Educational Guidance Service Privacy Statement
- Annual Leave and Notification of Absence Policy 12-09-16
- Anti-Fraud & Corruption Policy
- Child Protection Policy for MSLETB Staff
- Code of Conduct for Members of the Board
- Code of Conduct for Staff Members
- Code of Practice for dealing with Complaints Third Party Parent Student Staff
- Complaint Procedure
- Contact Persons Leaflet
- Credit Card Policy
- Disciplinary Procedure Policy for Non-Teaching Staff employed by ETBs
- Disposal of Fixed Assets Policy
- Grievance Procedure for Staff employed by ETBs
- Grievance Procedure MOU Issued for Application 15 Feb 2016
- Hospitality Gifts Policy
- MSLETB Procurement Policy V2
- Protected Disclosures Policy – Dec 2017
- MSLETB Risk Management Policy 2020
- ICT AUP Policy – 2019
- Travel and Subsistence Policy
- Internal Dispute Resolution (IDR) Policy and Procedures for Pension Appeals.
Prevention policies dealing with Bullying and Harassment / Sexual Harassment
Data Protection and related policies
MSLETB has appointed a Data Protection Officer (DPO) on an interim basis:
| Name: | Mary McDonald |
| Address: | Mayo, Sligo and Leitrim ETB Newtown Castlebar Co Mayo |
| Email: | dataprotection@msletb.ie |
| Telephone: | 094 9024188 / 086 787 1455 |