Georgia Tech Compliance

The EU GDPR is a regulation designed to protect the privacy of individual's personal data and requires entities (including universities) to implement reasonable data protection measures to protect individuals’ personal data and privacy against loss or exposure. A team of representatives from Legal Affairs, Risk Management, Cyber Security, and Enterprise Data Management are working together with your participation to ensure the Institute is in compliance with this regulation.

The Georgia Tech EU General Data Protection Regulation Compliance Policy is located in the Policy Library, and can be accessed via the following link:
Please review the policy to further understand the purpose, scope, definitions, and procedures.


All Georgia Tech Data Stewards who collect or process personal data protected by the EU GDPR must document the lawful basis for the collection or processing of personal data and sensitive personal data they collect or process, why they collect it, and how long they keep it. Georgia Tech has prepared the following Lawful Basis form (hosted through a Qualtrics survey) to facilitate further discussions about what steps, if any, your area may need to take to comply with the regulation. Due to the types of questions asked in this form as well as the time it may take to complete, it may be helpful to preview the Lawful Basis form (PDF document) first before submitting your responses (via the Qualtrics survey link).


Once you complete the Lawful Basis form, a team member will reach out to you to discuss next steps. Those next steps may include the need for a consent form and a unit privacy notice. Templates of those documents are located below which you may refer to if your next steps require them.


Should you have any questions or concerns about steps required to achieve compliance with this regulation, please contact