Starting from May 25, 2018, all organizations that collect personal data from EU (European Union) citizens need to comply with the GDPR, which ensures the protection of personal data for all EU citizens.
Any kind of information that can help identify a person is considered personal data (for example: name, address, phone number, email address, photographs).
This guide will teach you:
- The most important GDPR principles
- Data Controlling
- Data Processing
- What consequences can you face for not being GDPR compliant?
1. The most important GDPR principles
- Transparency: Organizations are required to inform people in a clear and comprehensible way on how they collect and store data.
- Data-transferring: European citizens can transfer their personal data from one service provider to another.
- The right to be forgotten: Organizations are required to be able to delete all personal data when the person in question requests it.
- Compulsory reporting in case of data leak: Organizations are required to report a data leak within 72 hours.
Pointerpro both collects personal data from its customers and offers the software that enables customers to collect personal data. This makes Pointerpro both a “data controller” and a “data processor”.
2. Data Controlling
In its role as data controller (for the personal data that Pointerpro collects from its clients), Pointerpro has an updated Terms of Use, Privacy Policy and Cookie Statement in place:
- https://pointerpro.com/terms-and-conditions/
- https://pointerpro.com/privacy/
- https://pointerpro.com/cookie-policy/
These documents clarify how the collected personal data is used in a clear and comprehensible way.
Each user of the Pointerpro software is required to read and accept the Privacy Policy before being able to use the software. A user can opt out of all communication and can request the deletion of all their personal data.
Pointerpro is also compliant with compulsory reporting regulations.
3. Data Processing
Where Pointerpro acts as data processor (for the personal data that Pointerpro users collect through the software), the end-user acts as controller of the data and is ultimately responsible for GDPR compliance.
To support its users in this matter, Pointerpro has functionalities in place within the software that enable its users to easily operate in compliance with the GDPR.
These functionalities are:
- The possibility to provide an opt-in when personal data is collected through a survey, including the option to provide additional information (or a link to additional information) that describes what the personal data will be used for.
- The possibility to provide multiple opt-ins in cases where personal data will be used for different objectives.
- The possibility to delete a response (the answer to any survey question) from the survey, including all personal data.
- The possibility to delete a respondent without deleting that respondent’s responses: this guarantees the removal of all personal data, while the survey results remain available (albeit anonymously).
- The possibility to delete an entire survey, including all responses and collected personal data.
Why is it important to comply with the GDPR when collecting data?
- To protect the personal data and the privacy of your respondents.
- To prevent your brand from losing its reputation.
- To avoid penalties for breaching GDPR, which can result in strict fines.
- To streamline your process of collecting and storing data and avoid room for mistakes.
4. What consequences can you face for not being GDPR compliant?
The consequences for non-compliance depend on factors such as the duration of the infringement, the number of data subjects affected, and the level of impact.
Keep in mind that this applies to both data controllers and processors. Fines for businesses can go as high as 20 million euros or 4% of the global turnover, whichever amount is higher.
About GDPR:
The EU General Data Protection Regulation (GDPR) is designed to harmonize data privacy laws across Europe, protect and empower all EU citizens' data privacy, and reshape the way organizations across the region approach data privacy. (More information: https://www.eugdpr.org/)
What's next?
- Find out what impact GDPR has on your questionnaires and if it’s necessary to make any changes. Learn what you can do and what Pointerpro is doing to help you create GDPR compliant questionnaires and protect the personal data of your respondents.
- Discover what updates were made in the Pointerpro tool to make the software and your questionnaires GDPR proof: Data collection features: IP address & user agent are default on “nocollect”, Automatically add an “unsubscribe” link in your email invitations, Anonymizing responses and more.
- Learn how to make a GDPR compliant survey on our blog: When you’re using Pointerpro, you’re collecting and processing data. If that data can be used to identify an individual, it’s wise to make a few small updates in your questionnaires.