What impact has the GDPR on your surveys? Here's how you can comply
On May 25, 2018, a new European Union (EU) data protection law, the General Data Protection Regulation (GDPR), takes effect. The GDPR gives individuals in the EU more control over how their data is used and places certain obligations on businesses that process the personal information of those individuals.
Here’s what you can do and what Survey Anyplace is doing to help you create GDPR compliant questionnaires and protect the personal data of your respondents.
Keep in mind that this article is meant to be seen as a resource and not as legal advice. We encourage you to consult legal counsel on how the GDPR has an effect on your organization.
Need a quick first insight into whether or not your questionnaires are ready for the GDPR? Take this 1-minute quiz.
Is it necessary to update your surveys and quizzes?
The GDPR can be overwhelming, but complying often takes just a few small steps.
Firstly, determine whether or not you’re collecting personal data. If, for example, you use Survey Anyplace for anonymous surveys only, your questionnaires don’t require any updates.
In certain circumstances, someone’s IP address, hair color, location or job could be considered personal data. Just as much as that person’s full name or email address. The context in which data is collected is important: A seemingly irrelevant piece of data that you collected can become very relevant in combination with other data about that person.
That also means that general contact information, such as “info@” email addresses, can be ignored when considering GDPR as they are not linked to a specific person.
Secondly, the GDPR only applies to data collected from EU citizens.
That also means that it applies to all companies based in the EU AND non-EU companies that collect data of EU citizens, regardless of a physical presence in the EU.
If the two considerations above both apply to your questionnaires, it is possible that you need to make a couple of changes. Usually, it’s not necessary to update your entire survey.
These are the basic updates you should consider:
- Communicate transparently and in clear, understandable language what you will be using the collected data for.
You should notify your respondents at the moment the personal data is collected. (Not afterward!)
This should include every type of use, from analysis to sharing it with 3rd parties or reusing it in marketing communication for example.
The request for consent should be distinguishable from other matters such as accessing the results of a questionnaire, using a service, … The consent must be given freely and be easy to withdraw again.
Additional data uses can be anything, ranging from marketing communication, sales follow-up, subscribing to a newsletter, …
- Remove any unnecessary questions that collect personal data “just in case” which you cannot justify the use of.
Find out more detailed steps & tips in our blog: How to make a GDPR compliant survey.
Features in Survey Anyplace that require “prior informed consent”
The consent request should be visible prior to that feature being activated.
>>> More tips for consent under the GDPR here.
Specific features to keep in mind:
Automatically collect location data from your respondents. Permission from the respondent via popup in the browser is needed for this feature. Luckily, this is already included in all types of browsers, so you do not need to worry about this.
The use of this feature in itself is not considered as collecting “personal data”, but in combination with other information can help in identifying a person. In that case, the GDPR applies.
>>> Help guide on Geolocation.
Upload a list of respondents in Survey Anyplace, these are your “Contacts”. You can send them invitations to take part in upcoming questionnaires.
The fact that you’re uploading personal data of your respondents in the Survey Anyplace tool should be communicated and requires the respondents’ consent.
>>> Help guide on My Contacts.
Send emails with variable content to your respondents based on their selected answers or a quiz/survey score.
Let people know at the beginning of your survey that they will receive emails from you via the email address they need to submit. Be clear about what you'll be communicating (the questionnaire results, newsletter subscription, sales, ...).
>>> Help guide on Email Templates.
- Data collection options
“Collect IP Address” collects additional information that helps identify a respondent’s computer using the Internet Protocol to communicate over a network and “Collect User-Agent” allows you to identify what type of browser and device a respondent is using.
If you’re switching these features on, we advise you to communicate this at the beginning of your questionnaire.
- Find out what updates were made in the Survey Anyplace tool to make the software and your questionnaires GDPR proof.
- Read up on the basics of GDPR and learn why it is important to comply.
- Learn how to make a GDPR compliant survey on our blog.