Forms must be on encrypted servers (i.e. using SSL with an "https://" URL)
- Keep forms on Georgia Tech servers or approved services: e.g. Qualtrics, not Google Forms
Old data should be:
Deleted if not needed (e.g. RSVPs from past events.)
Downloaded to internal storage as soon as practical.
Never ask for social security numbers (SSNs), credit card numbers, drivers licence numbers, birthdates, etc.
We are not allowed to collect money from anyone! (No Paypal, Amazon storefronts, etc.). Money must be collected via the Bursar's Office
Review the GDPR sensitive data list and consult with the college web developer if you need to collect any of those types of data.