A review of Trinity’s data protection standards has highlighted a “sound understanding” of data security, but also noted a number of risks to data protection in College, calling for the introduction of a Data Protection Officer.
The purpose of the review was to establish and assess College’s level of compliance with current Irish data protection legislation, and to review College’s approach to the incoming EU General Data Protection Regulations.
Alongside the need to ensure compliance with EU regulations, the main findings and recommendations of the review included a requirement for a Data Protection Officer as well as data protection training and awareness and data protection documentation. The College Board, in its discussion of the review at its meeting on December 14th, stressed the importance of preparing adequately for the introduction of the EU regulations, as these regulations are considerably more onerous than existing requirements, and are likely to pose challenges for the university.
The role of a Data Protection Officer would currently fall under the responsibility of the College Solicitor, Sinéad MacBride.
The review highlighted a number of risks in the College to be addressed. At a College Board internal audit review, co-conducted by BDO Ireland, which took place in November 2016, Trinity’s standard of data protection was examined, as well as its compliance with various areas of data protection law. In attendance at this board meeting were John Bolger and Simone Conway of BDO Ireland, the co-sourced internal audit partner firm.
The review, which was conducted across various locations in Trinity, focused on core administration functions that process personal data and sampled five different schools of the College. Bolger advised that, while there appeared to be a “sound understanding” in the university of the need to approach personal data with sensitivity and confidentiality, there were a number of risks that needed to be addressed.
It was also advised that the review identified gaps in relation to planning for the implementation of the updated EU Data Protection Regulations, which will become part of Irish law in May 2018. The objective of these new regulations is for citizens to regain control over their personal data and to simplify the regulatory environment for business. This reform is a key enabler of the Digital Single Market which the EU has prioritised, and will allow European citizens and businesses to fully benefit from the digital economy.
BDO Ireland is the largest European-based accountancy network in the world, offering services in areas such as auditing and corporate finance. Both Bolger and Conway specialise in risk and advisory services and information technology services, and were invited to brief the College Board on the findings and recommendations of the review.
