Contact IT Support

 

 

 

 

Building Trust: How IT and the Data Privacy Office Protect Your Personal Data

14 September, 2025

Protecting Personal Data is a Shared Responsibility

The IT Department, together with the KAUST Data Privacy Office, helps our community design forms, processes, and systems that respect privacy while meeting business needs.

Why it matters

From visitor registrations to conference sign-ups, personal data flows through many daily activities at KAUST. Following simple good practices keeps us aligned with the Saudi Personal Data Protection Law (PDPL) and strengthens trust across our community.

Did you know?

KAUST IT provides supported tools to build secure, compliant forms: Microsoft Forms, Formstack, and Google Forms.

Explore form & survey options

Best practices for forms and events

1) Be transparent from the start

Include a clear purpose statement at the top of your form. For example: “The information requested below will be used to register you for our conference and facilitate your entry through KAUST’s gate.”

2) Collect only what is necessary

  • Only add fields with a clear business reason.
  • Label fields as Mandatory or Optional.
  • Avoid requesting sensitive details (such as health information) unless absolutely required. If needed, contact DPO@kaust.edu.sa for a Data Privacy Impact Assessment.

3) Handle IDs with extra care

Copies of government IDs should only be collected when required for Security/GA and must be purged once submitted.

4) Use consent captures

Every form that collects personal data must include a consent checkbox:

I consent to the processing of the personal information requested in this form for the above-mentioned purposes.

Always link to the KAUST Privacy Policy. If you plan to use emails for future invitations, include an additional opt-in checkbox.

5) Inform about photography and recordings

If your event includes photography or video, inform participants: “By attending, you consent to being photographed and recorded for KAUST official channels.”

6) Secure the data

Form creators are responsible for ensuring encryption and password protection are applied. Not all platforms do this automatically. When in doubt, contact DPO@kaust.edu.sa.

7) Purge data after use

Do not keep personal data longer than needed. After an event or once a report is finalized, securely delete submissions and ensure deleted data cannot be recovered.

Responsibility reminder: the form owner is accountable for ensuring compliance with these practices.

Example: Visitor passport collection

To expedite gate entry, you may request a copy of a visitor’s passport in advance. You must also offer the option to present the passport in person at the Visitors Center, which may take more time.

I consent to the processing of the personal information requested in this form for the above-mentioned purposes.

Tools to help you create forms securely

IT-supported options include Microsoft Forms, Formstack, and Google Forms.

IT & DPO are here to help

The IT Department and the Data Privacy Office work together to make privacy simple, practical, and effective at KAUST. Whether you are building a form, hosting an event, or managing visitor entry, we can guide you.

For questions:
• Chat with VITA on the IT website or at vita.kaust.edu.sa
• Use our standard IT contact channels
• For privacy-specific inquiries, email DPO@kaust.edu.sa

By embedding privacy into everything we do, we protect not just data, but the trust that defines KAUST. Respecting personal information is a way of respecting colleagues, visitors, and partners.