GDPR

GDPR Compliance

The Union of Students in Ireland seeks to comply fully with the provisions of GDPR.  In principle, USI seeks to handle data as follows:

  1. USI will seek to avoid capturing special category information about people accessing our services, but if it does so it will:
    1. Minimize the data collected
    2. Process the information internally in a secure environment with the smallest number of operatives exposed to the information as possible
    3. Complete the processing of the information as quickly as possible and terminate (delete) the special category information along with non-special category information as quickly as possible
  2. There are several routes for the collection of information within USI, not restricted to but including:
    1. Registration to attend events
    2. Registration to support a political action
    3. Registration for competitions

as may be run from time to time in the pursuance of an intended and notified objective of the organisation.

In each case, USI will store (a form of processing), apply data management and analysis techniques (another form of processing) and eventually delete (the final form of processing) data when it has been used for its intended business purpose, and will not hold on to data beyond the close of its intended business purpose.

  1. USI discourages the passive collection or collation about individuals accessing our services or seeking to communicate with us and will take steps to avoid this.
  2. USI occasionally receives information from persons accessing our services inside the meaning of special category data in a method which USI considers to be insecure and whereupon storage would create a risk of exposure. In these cases, USI will:
    1. Retrieve the information and store it in a more secure and suitable location
    2. Delete the information to the best of USI’s ability on the insecure system
    3. Process the information in accordance with the principles in a) above.