Be on the safe side with QuestionPro!
The QuestionPro survey software meets the GDPR (GDPR) standards that came into force in 2018. – compliant data collection. Here you can find more information on the topic and how to check GDPR compliance.
Perform GDPR / GDPR compliant data collection
The General Data Protection Regulation (GDPR) will enter into effect in the European Union in May 2018 and will have a fundamental impact on how organizations treat individuals' data in compliance with new privacy laws. Online surveys, market or employee data collection also need to be covered by the updated rules. To make it easier for users of QuestionPro Survey Software to create and send GDPR compliant data collections, we have introduced a sophisticated process that ensures that all data collected through our platform is fully GDPR compliant.
.
Here you will find → Instructions with screenshots
Here you will find our → FAQs about GDPR and surveys
Activating GDPR / GDPR compliance
in QuestionPro
The settings for GDPR / GDPR-compliant data collection for online surveys and surveys can be found at QuestionPro at:
User account → Compliance → GDPR
Make sure that the GDPR ON / OFF checkbox is set to ON!
NOTE – If your user account is on our EU server, GDPR / GDPR compliance is activated by default. Please check the settings in your user account! If you have any questions, please feel free to contact our → Customer service!
Nomination of a Data Protection Officer
in online surveys
Any organization that collects data from EU citizens must appoint a data protection officer. This person represents the organization in relation to privacy issues. For online surveys conducted with QuestionPro, the privacy officer will be listed in the footer of the survey or will add a link titled "Privacy & Data Security" to the information.
Entry of the data protection officer
in QuestionPro
The input fields for naming the data protection officer for online surveys and surveys can be found at QuestionPro at:
Account → Compliance → GDPR → Data Protection Officer.
As soon as you set the GDPR control panel to ON, you will automatically be redirected to the corresponding input field.
Retention period of survey data
The GDPR / GDPR guidelines state that companies need to clarify how long data about respondents is stored. QuestionPro itself has an unlimited retention period of collected data as long as the account is active and paid. Once an account is terminated voluntarily or involuntarily (for non-payment), we have a 30-day extended grace period after which we delete all data from our servers.
GDPR / GDPR regulations require each company to set its own data retention policies, specifically how long the data will be retained. QuestionPro provides information about its own data expiration policy. We recommend that our customers adapt their own data retention period and clearly and unambiguously formulate that it complies with the principle of informed consent of the respondents regarding the expiration of the data.
Right to view the survey data collected
The GDPR / GDPR demands that respondents have the opportunity to view and download all collected data on the respondent. GDPR / GDPR recommends a machine-readable format for downloading the data.
QuestionPro provides a mechanism for respondents to download not only the survey data but also the user's metadata. This includes information about the IP address, browser information, etc. Respondents can download this data in PDF and JSON format.
Notifying the supervisory authority of data breaches
The GDPR / GDPR demands a legal obligation to notify the supervisory authority about a data protection violation within 72 hours after becoming aware.
QuestionPro has selected the Dutch DPA as the lead supervisory authority that regulates the data collected by QuestionPro. This is because our physical EU servers are located in the Netherlands.
In the event of a breach of the privacy policy, we, QuestionPro, are obligated to report this to the DPA in the Netherlands.
Corporate customers can also choose their own regulator. In the event of data breaches, the company itself must then inform the competent authority as soon as we inform them about the breach.
In cases where a data breach occurs without our involvement - for example, if a laptop containing a respondent's data is stolen - it is up to our customers to inform their own supervisory authority of the breach.
QuestionPro provides its corporate customers with mechanism for choosing the Data Protection Authority.
Further information about the GDPR / GDPR & QuestionPro
Data processing agreement
QuestionPro will provide a standard data processing agreement to all customers setting out our obligations as a data processor.
We understand that most companies have their own data protection and data processing agreements which QuestionPro will sign and accept when using its survey and analytics platform after sufficient review. This process is only available to our Enterprise Licence customers. Enterprise Licensed customers can request changes to the standard GDPR agreement, but it typically takes 30-60 business days for changes to our standard GDPR to be approved.
A non-modifiable standard data processing and data protection agreement is provided for all other customers.
Right to be forgotten
When respondents click on Privacy & Data Protection, they may request the deletion of their data. This also applies to the stored survey data. In addition, respondents may also request that all tracking data about the user is deleted. QuestionPro automatically removes this data from its servers.
Purpose of data collection
When respondents click Privacy & Data Protection, the stated purpose of the data collection is listed. Solely survey initiators are responsible for the contents.
QuestionPro offers its customers the following standard formulations for standard data processing agreements:
- Use of data for research purposes only.
- No commercial sale of data.
- Respondents will not be contacted for marketing or sales purposes.
It is up to the customer to decide which options to choose. The content can also be customized.
The default options are available in German, English, Spanish, French, Arabic, Hebrew, Japanese and Chinese. Additional languages can be added - however, customers must provide the content and translations themselves.
Do you have further questions about the GDPR / GDPR compliance?
Get in touch with us!
We are always happy to advise you on all questions about the GDPR / GDPR compliance in online surveys! For your questions, use the QuestionPro FAQ sheet. Here you can ask us your question and we answer this in detail on our websites.
State data protection officers
of the European Union
Here you will find a list of data protection officers from the countries of the European Union.
