Since May of 2018, the General Data Protection Regulation (GDPR) has changed the way organizations are allowed to gather and manage personal data, and complying with it is important to protect the integrity of your business. Non-compliance can result in fines up to 4% of your global revenue along with other penalties. Don’t fear these rules though. Because we get how complicated and intimidating GDPR can be, we are here to demystify it with these 5 tips that will ensure your survey feedback is both effective AND GDPR compliant!
Ask for Consent
While SurveyMe doesn’t mine for personal data, collecting personal data can be a key component to making an effective survey for some businesses. However, it is imperative to first ask for consent before gathering any information from your users. Before letting them enter any data into your survey form, you must ask for permission to collect and store their information. Let the user know how you will be using the data, whether you will be sharing it with third parties, and where and how long you will store it. If they say “no” to your request, don’t continue to offer them the survey questions that collect personal data.
Verify Their Age
In order to offer a survey to someone, you must verify their age. An individual must be sixteen or older if you want to process their personal data. Do this before offering them the survey and save yourself a headache later on. If they’re not of age, you have to obtain consent from their parent or guardian before continuing.
Allow Them to Opt-Out
Let’s say that a user agrees to participate in your survey and then, halfway through answering the questions, decides they don’t want to give any more personal information to your organization. At this point, you have to offer them the option to opt out. Be sure to flush their information from your database so that it’s not processed in your survey results. It’s also good practice to thank them for their time, even if they choose not to complete the survey! If you’d rather create an opt-out feature that doesn’t completely end the survey for your user, you can always make questions skippable so that the user doesn’t feel obligated to answer any questions they’re uncomfortable with. At SurveyMe, all of our surveys are constructed to collect the user’s opinions but not their private personal information. These are great practices for businesses that do not need information on demographics, and they save you the risk of mishandling personal data.
Offer the User Access to Their Data
Be sure to store your survey data in a way that can be accessed or edited if requested by a user. An individual has the right to request access to their stored personal data and even ask if it can be deleted. There are many ways you can offer the survey results in real time. This assures users that their personal information, such as name, birth date, and address, is protected and will appear anonymous to the public. Here at SurveyMe, we believe anonymous feedback is extremely important, which is why we don’t collect any personal data!
Have a Breach Notification Process
In the case that your stored data is hacked or obtained by an unauthorized source, you need to have a plan in place to notify users of this breach. Create a breach crisis plan, train your employees on how to handle the situation, and report to your users within 72 hours of learning about the incident. It is your responsibility to inform users that their information has been acquired, and you must let them know how you are taking action to protect their privacy. An easy way to handle this notification process is through email.
If you’ve collected email addresses during your survey, the best way to notify these users would be via email. If you do not have their email addresses, you could post the notification on your website’s homepage and include a contact phone number.
By following these five tips, your surveys are sure to be effective and GDPR compliant. There are other rules you have to follow, but these will get you started on the right track to creating a survey that will not only protect your users but also your organization.