GDPR and Trinity College Dublin


GDPR what is required in Schools

  • Only provide the information to those with a legitimate right to it and for the purposes of implementing Reasonable Accommodations
  • Ensure your School GDPR procedures include a section outlining how you manage disability data in SITS (See TCD Disability Service Privacy Notice  for an example of the level of information suggested here)
  • Set out a clear process for the dissemination of disability data and share it with all in the School who will have access to this data
  • Ensure all staff who have access to this disability data have completed the GDPR training provided by the Data Protection Office in Trinity
  • If and when downloading lists of students with reasonable accommodations password protect all downloads 
  • Store all lists securely in line with the University’s and your School GDPR procedures
  • Do not email unprotected lists of disability data
  • Do not send any protected data to non-Trinity email addresses
  • Advice on how to password protect a PDF

FAQs

The LENS Report contains special categories of personal data as defined in Article 9 of the EU General Data Protection Regulation (GDPR). This data is considered more sensitive than ‘ordinary’ personal data and therefore requires greater protection. A breach of such data could create significant risks to a person’s fundamental rights and freedoms; for example, by putting them at risk of unlawful discrimination or prejudice.

Trinity encourages students with disabilities to disclose disability information on their disability/specific learning difficulty to the Disability Service before they apply to Trinity or at any point during their studies. Such disability disclosure is encouraged so that Trinity can work with the student in ensuring that any reasonable accommodation required is identified and facilitated in consultation with the student.

An electronic record of the student contact with Trinity is held securely in accordance with the Data Protection Act (1998-2003), and information provided to the Disability Service is regarded as ‘sensitive personal data’. Any documentation or information presented in disclosing a disability is held by the Disability Service, and specific medical or other documentation will not be disclosed to any third party, except where necessary to provide reasonable accommodations.

Where a student requests and is granted any form of reasonable accommodation, such as extra time in exams, or permission to record lectures, the Disability Service will, in consultation with the student, disclose relevant information to the individuals in those Schools responsible for providing or facilitating students in accessing such accommodations. Disability disclosure and reasonable accommodations are communicated via the LENS report in SITS – see link.

All disability information is defined as sensitive personal data under GDPR and Trinity Disability Services takes this very seriously. We spend significant time explaining disability disclosure and how we share disability data via the LENS to students. We encourage students to disclose a disability giving them confidence in knowing the reasonable accommodation process via the LENS dissemination to Schools works well. The Trinity Consent to Disclose Disability Information form outlines:

  • Why do we hold data
  • What data do we share and who do we share data with
  • How we store data

Following the Needs Assessment, the student’s Disability Officer prepares an Individual Learning Educational Needs Summary (LENS) detailing the Reasonable Accommodations to be implemented. The information outlined in the LENS is communicated to the relevant School via the student record in SITS. More information on the LENS can be found here.

LENS dissemination to Schools

Trinity Disability Service from the 2018-2019 academic year will disseminate all reasonable accommodations via the LENS report in SITS, the student portal. Students with disabilities who register for disability support will automatically have their support communicated via the LENS in SITS.

Guidance on accessing LENS information in SITS is provided at the following link.

A data controller is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files. Being a data controller carries with it serious legal responsibilities, so you should be quite clear if these responsibilities apply to you or your organisation. If you are in any doubt, or are unsure about the identity of the data controller in any particular case, you should consult your legal adviser or seek the advice of the Data Protection Commissioner.
More GDPR information is available at:The Data Protection Commission and Trinity GDPR at TCD Data Protection

The Disability Service is responsible for determining reasonable accommodation as per the Trinity Reasonable Accommodation Policy and communicating these to the School in which the student is studying. The Disability Service is a data controller under GDPR.
Schools are responsible for implementing reasonable accommodation in their teaching and learning and assessments. For example, examination accommodation at departmental/course level will require School staff to extract exam accommodations from the list of reasonable accommodations provided in SITS. Schools are data controller under GDPR.

All Schools are expected to have effective dissemination processes in place for sharing LENS reasonable accommodation information only with the relevant staff in the School who require this information.

As data controllers Schools must ensure sensitive personal data is protected.

  • Only provide the information to those with a legitimate right to it and for the purposes of implementing Reasonable Accommodations
  • Ensure your School GDPR procedures include a section outlining how you manage disability data in SITS (See Privacy Statement  for an example of the level of information suggested here)
  • Set out a clear process for the dissemination of disability data and share it with all in the School who will have access to this data
  • Ensure all staff who have access to this disability data have completed the GDPR training provided by the Data Protection Office in Trinity
  • When downloading lists of students with reasonable accommodations password protect all downloads 
  • Store all lists securely in line with the University’s and your School GDPR procedures;
  • Do not email unprotected lists of disability data
  • Do not send any protected data to non-Trinity email addresses

There are two approached to protect a PDF:

  • 1. Using Adobe Professional open the PDF and choose Tools > Protect > Encrypt > Encrypt with Password. For more information using this tool view - Adobe help pages
  • 2. Open SmallPDF's software at SmallPDF protect. SmallPDF will allow you to apply a password to your PDF, making it impossible to open without knowing the password.

For students with a disability on professional courses - Trinity College has developed placement guidelines and recommendations to ensure the distribution of PLENS reports to placement providers is in compliance with the General Data Protection Regulation (GDPR) - GDPR Protocol.