The General Data Protection Regulation (GDPR) comes into play in the European Union in May 2018 and it fundamentally impacts the way organizations manage personal data in compliance with the mandates of the new privacy regulation. With GDPR right around the corner, organizations that use online surveys as a tool to collect personal data from customers need to shift their attention to creating GDPR compliant surveys. GDPR compliant surveys are a necessary step towards compliance with data privacy regulations and promote transparency and trust in customer relationships.
Tips to ensure GDPR compliant surveys
You can use online surveys for a variety of reasons, to collect feedback from an array of sources such as customers, prospects, partners, your own employees, and more. When collecting personal data, the end result of this process leaves you in possession of information that needs to be managed in a way that safeguards the privacy of the individual. Here are a few tips to GDPR-proof your online surveys.
1. Ask for consent before sending out an online survey
When you use online surveys to collect personal data, you need to make sure that the data subject provides you with consent to manage their personal data for one or more specific purposes. This means you have to obtain consent before you send out a survey. It is your responsibility to inform the respondents of the reasons why you collect their personal data, where you store it, for how long you process it, and in which ways you will use it in the future. Remember that personal data refers to the respondents' name, email address, phone number, etc. You should use such information only within the scope of the given consent.
2. Opt-out option
Make sure to include the option to opt-out when inviting individuals to reply to a survey.
3. Processing data of underage individuals
Parental consent or supervision is required when it comes to collecting and processing the personal data of individuals under the age of 16. Make certain you obtain parental consent before sending out a survey invitation to data subjects under the age of 16.
4. Integrating survey data with third-party applications
When integrating personal survey data with third-party applications, you should verify beforehand that those third parties also comply with GDPR regulations. You can achieve this by updating your vendor agreements to comply with GDPR.
5. Storing personal data
You cannot store personal data you collect using surveys indefinitely. Remember to define how long you will retain personal information, and to notify data subjects of that period, before you send out survey invitations.
6. The individual’s right to their data
Implement processes that enable you to comply with the individual's right to request access to personal data you collect through online surveys. Your organization should be ready to facilitate requests not only to access but also to delete personal information.
7. Data portability
Data portability refers to the ability to transfer personal data from one electronic system to another. You can, for example, download survey responses to your computer, as long as you keep in mind that those responses might contain personal data and that this action always constitutes the creation of a new personal registry.