“GDPR? I really don't have to have this stress! "

You don't have to! QuestionPro meets the standards for GDPR-compliant data collection that came into force in 2018. You can find important information here.

Market research and experience management customers

GDPR GDPDU Market Research Experience Management

Create and conduct GDPR-compliant surveys and touchpoint analyses

The General Data Protection Regulation GDPR came into force in the European Union in May 2018 and has fundamental implications for how companies handle individuals' data in compliance with the new data protection laws. Online surveys that focus on collecting consumer, market or employee data also have to deal with the updated regulations. To make it easier for QuestionPro survey software users to create and send GDPR-compliant data surveys, we have implemented a sophisticated process to ensure that all data collected through our platform is fully GDPR-compliant.


Nomination of a Data Protection Officer

Any organization that collects data from EU citizens must appoint a data protection officer. This person represents the organization in relation to privacy issues. For online surveys conducted with QuestionPro, the privacy officer will be listed in the footer of the survey or will add a link titled "Privacy & Data Security" to the information.

Entry of the data protection officer

The input fields for naming the data protection officer in online surveys and surveys can be found at QuestionPro at:
Account → Compliance → GDPR → Data Protection Officer.

As soon as you set the GDPR control field to ON, you will be automatically redirected to the corresponding input field.

Activation of GDPR conformity in QuestionPro

The GDPR compliance of QuestionPro is already preset for operation on servers of the European Union. The settings for GDPR-compliant data collection can be found at QuestionPro at:
User account → Compliance → GDPR
Make sure that the GDPR ON / OFF selection field is ON!
Please check the settings in your user account!

Dwell time of survey data

The requirements of the GDPR state that companies must make it clear how long respondents' data will be kept. QuestionPro itself has an indefinite retention period for the data collected as long as the account is active and paid. Once an account is terminated voluntarily or involuntarily (due to non-payment), we have a 30-day period after which we remove all data from our servers.

The GDPR regulations require that each company has its own data retention policy, in particular how long data is kept. QuestionPro provides information on its own data expiry policy. We recommend that our clients adapt their own data retention period and clearly and unambiguously state that it complies with the principle of consent after respondents have been informed about the expiry of the data.

Right of insight

The GDPR requires that respondents have the possibility to view and download all data collected about the respondent. The GDPR recommends a machine-readable format for downloading the data.

QuestionPro provides a mechanism for respondents to download not only the survey data but also the user's metadata. This includes information about the IP address, browser information, etc. Respondents can download this data in PDF and JSON format.

Notification of data breaches to the supervisory authority

GDPR requires a legal obligation to notify the supervisory authority of a data protection violation within 72 hours of becoming aware of it.

QuestionPro has selected the Dutch DPA as the lead supervisory authority responsible for the QuestionPro collected data. That's because our physical EU servers are located in the Netherlands.

In the event of a violation of the data protection regulations, QuestionPro is obliged to report this to the DPA in the Netherlands.

Corporate customers can also choose their own regulator. In the event of data protection violations, the company itself must then inform the competent authority as soon as they become aware of us.

In cases in which a data breach occurs without our cooperation - e.g. if a laptop with data from a respondent is stolen - it is up to our customers to inform their own supervisory authority about the breach.

QuestionPro provides its corporate customers with a mechanism for selecting the supervisory authority.

Further information on the subject of the GDPR

Data processing agreement

QuestionPro will provide a standard data processing agreement for all customers outlining our obligations as data processors.

We understand that most companies have their own data protection and data processing agreements which QuestionPro will sign and accept when using its survey and analytics platform after sufficient review. This process is only available to our Enterprise Licence customers. Enterprise Licensed customers can request changes to the standard GDPR agreement, but it typically takes 30-60 business days for changes to our standard GDPR to be approved.

A non-modifiable standard agreement on data processing and data protection is provided for all other customers.

Right to forget

When respondents click on Privacy & Data Protection, they may request the deletion of their data. This also applies to the stored survey data. In addition, respondents may also request that all tracking data about the user is deleted. QuestionPro automatically removes this data from its servers.

Purpose of data collection

When respondents click Privacy & Data Protection, the stated purpose of the data collection is listed. Solely survey initiators are responsible for the contents.

QuestionPro offers its customers the following standard formulations for standard data processing agreements:

  • Use of the data for research purposes only.
  • No commercial sale of the data.
  • Respondents are not contacted for marketing or sales purposes.

It is up to the customer to decide which options to choose. The content can also be customized.

The default options are available in German, English, Spanish, French, Arabic, Hebrew, Japanese and Chinese. Additional languages ​​can be added - however, customers must provide the content and translations themselves.

Our data protection officer in accordance with Section 38 of the Federal Data Protection Act (BDSG) and Article 37 of the General Data Protection Regulation (GDPR)

Felix Bornstein
ISICO Data Protection GmbH
At the Hamburger Bahnhof 4
10557 Berlin
privacy@questionpro. De
Tel: 49 30 91607401
Fax: +49 30 91607402

Do you have further questions about GDPR compliance? Contact us!

We are always happy to help and advise you on all questions relating to GDPR compliance for online surveys! It is best to use this for your questions QuestionPro FAQ sheet.  GDPR FAQ.

Data protection officer of the countries of the European Union

Here you will find a list of data protection officers from the countries of the European Union.

Data protection officer of the federal states

1:1 live online advice

We would be happy to answer all of your questions about GDPR compliance as part of a 1:1 live online consultation QuestionPro. Arrange a personal appointment now!

Experience Management Platform QuestionPro

Platform for market research and experience management

GDPR-compliant data collection for online surveys

Cookie Notice

This website uses cookies to improve the use and optimize the content. User interactions are evaluated anonymously. By continuing to use the website, you consent to the use of cookies. Data protection declaration of QuestionPro Imprint - QuestionPro GmbH

Make a selection to continue

Your selection has been saved!

additional information


In order to continue you will need to make a cookie selection. Below is an explanation of the different options and what they mean.

  • OK:
    All cookies, including tracking and web analysis cookies, are accepted. IP addresses are anonymized in any case.
  • Deactivate all cookies:
    No cookies are set, apart from the cookie that saves your selection and cookies that are necessary for the operation of the website, such as session cookies. Personal data is not recorded or saved in the process.

If you would like to use this website entirely without cookies, please deactivate the cookie setting in your browser. You can change your cookie setting here at any time: Data protection declaration of QuestionPro. Imprint - QuestionPro GmbH