Data Protection information for creating an MS Form for use in Maynooth University

     
    If you are creating a MS Form for use with students or staff that processes personal data, you, as Data Controller, will need to comply with data protection legislation including GDPR. Here is some information for you but please visit the privacy page of the MU website  for more information.
    Personal data is defined under GDPR as information which relates to a living individual who is identifiable either directly from the data itself or from the data in conjunction with other information held by MU.

    If you are processing personal data, you must accept responsibility for safeguarding the data. Please ensure you have completed the online GDPR training module for staff.
     
    Your data protection responsibilities when using Microsoft Forms

    The GDPR places obligations on MU and the way it handles personal data. In turn, the staff of the University have responsibilities to ensure personal data is processed fairly, lawfully and securely. This means that personal data should only be processed if we have a valid condition of processing (lawful purpose) and we have provided information to the individuals concerned about how and why we are processing their information (e.g. by directing them to a Privacy Notice).

    Under GDPR, failure to comply with data protection legislation can have very serious consequences. Apart from damage to an organisation's reputation, substantial fines can apply. In addition to fines levied by the Data Protection Commission, under GDPR an individual, i.e. a data subject, has the right to take legal actions against an organisation that fails to comply with GDPR. The data subject can claim financial compensation, including compensation for non-material damages.  
     
    You must ensure that the data is kept secure, with permissions set to include only those who need it, that the information is kept up to date and deleted when no longer required as per the Data Retention Schedule for your Department, Business Unit or Project.
     
    The lawful basis for a significant amount of the processing carried out by the University is Performance of a Contract. However, when using Consent as the Lawful Basis for processing, you must demonstrate that the Data Subject has provided appropriate consent for each processing activity, i.e. you must have a record of their consent. For further information on using Consent as the lawful basis for processing please refer to the University’s Data Protection Policy.
     
    When creating your MS Form

    Clearly identify the Data Controller as MU by inserting the official MU logo and/or the logo for your Project at the top of your Form.

    Please ensure that your Form includes the following:

    • A link to or statement from the relevant Data Privacy Notice, e.g. Student Data Privacy Notice,  Staff Data Privacy Notice These documents provide the individual (the data subject) with information on how to contact the Data Protection Officer if they wish. For example - For further information on the University’s Data Protection Policies and procedures, please see our website and our Data Privacy Notices.
    • Information as to why you are collecting the data (the purpose of the Form), how you will store the data and who will have access to it
    • Information on the Data Retention Period, i.e. for how long the personal data will be kept. This should be in accordance with the Data Retention Schedule for your Department/Business Unit/Project.For example – Retention, Personal Data contained in this Form will be held by the Data Controller for the duration of time determined in the Data Retention Schedule.
    • Your name and contact information in order to facilitate data subject rights in respect to rights of access, rectification and removal. Information regarding how to exercise those rights can be found on our webpage

    Please contact the Data Protection Office on [email protected] if you have any queries in relation to this information or data protection in general.
     
     
    RELEVANT DOCUMENTS
    Please see Template MS Form for use with staff or students of MU or members of the public. Template to be personalised before use.