Policies, checklists, and monitoring to keep your Waterford business on the right side of the DPC. Start in under 2 minutes.
Join 2,000+ Irish businesses already protected
Waterford is home to a thriving business community of approximately 6,800 SMEs, and training providers in the Waterford City area and beyond are no exception. But many don't realise the extent of their GDPR obligations — particularly around sharing learner data with qqi, solas, skillnet, or employer sponsors without clear documentation of lawful basis.
Under the Irish Data Protection Act 2018, every business that processes personal data must comply with GDPR. For training providers, that means having proper policies for handling learner names, addresses, dates of birth, and pps numbers, qqi learner numbers and certification records, and more. The DPC has the power to fine non-compliant businesses up to €20 million.
Waterford, Ireland's oldest city, has reinvented itself following the closure of Waterford Crystal with a growing tech sector and pharma industry including Bausch + Lomb and Genzyme. South East Technological University drives research and graduate talent. The Greenway cycling trail and Viking heritage attract growing tourist numbers, while the port supports trade and logistics. With enforcement ramping up across Ireland, there's never been a more important time to get your house in order.
Absolutely. GDPR applies to all training providers in Waterford that handle personal data of EU residents — whether that's booking information, contact details, or employee records. Ireland's Data Protection Commission actively enforces these rules, with penalties reaching up to 4% of annual global turnover.
RISK ASSESSMENT
Sharing learner data with QQI, SOLAS, Skillnet, or employer sponsors without clear documentation of lawful basis
Collecting PPS numbers for certification and funding claims and storing them alongside general learner records
Using online learning platforms that track detailed learner behaviour including login times, module completion, and assessment attempts
Retaining learner records from funded programmes for audit purposes without clear retention policies
Processing employer-provided employee data for corporate training without a data processing agreement
DATA INVENTORY
FREE ASSESSMENT
See exactly where your Training Provider in Waterford stands on GDPR compliance — no signup required.
REQUIRED DOCUMENTS
Every Training Provider in Ireland needs these documents to demonstrate GDPR compliance. ComplianceKit generates all 8 policy types with a living compliance score that tracks your progress.
STEP BY STEP
Provide every learner with a comprehensive privacy notice before enrolment, listing all organisations their data will be shared with — QQI, SOLAS, Skillnet, employers — and the lawful basis for each.
Store PPS numbers separately from general learner records in an encrypted system with strict access controls — not in general spreadsheets or enrolment databases.
Put data processing agreements in place with all online learning platforms, assessment tools, and cloud services that process learner data.
When delivering corporate training, establish a data processing agreement with the employer client clarifying roles — typically the employer is the controller and you are the processor.
Set retention periods aligned with QQI, SOLAS, and Skillnet audit requirements — these may require records to be kept for longer than standard business needs.
Review your online learning platform's data collection practices — understand what learner behaviour data it captures and ensure this is proportionate and disclosed in your privacy notice.
Conduct annual staff training on GDPR, particularly for administrative staff who handle PPS numbers, funding claims, and QQI submissions.
COMMON PITFALLS
Including PPS numbers in general learner spreadsheets shared across staff, rather than storing them in a secure, access-controlled system.
Delivering corporate training and processing employee data without a data processing agreement, leaving both the employer and training provider exposed.
Not informing learners that their data will be shared with QQI, SOLAS, or other funding bodies, which breaches the GDPR transparency principle.
Keeping detailed online learning analytics — login times, module attempts, time spent on each page — without disclosing this in the privacy notice or assessing whether it is proportionate.
FAQ
Everything you need to know about GDPR compliance for your business.
Contact usNEARBY COUNTIES
OTHER SERVICES
Every day your Training Provider in Waterford operates without proper GDPR compliance is a risk. The DPC is increasing enforcement across Ireland — get ahead of it today.
Join 2,000+ Irish businesses. No credit card required.