With the introduction of the General Data Protection Regulation on May 25, 2018, a significant change occurred in how organizations handle personal or sensitive data. It is important for organizations to ensure their feedback or data collection surveys are GDPR compliant.
Here are some tips for your data collection surveys to be GDPR compliant in 2020.
Seven tips to conduct GDPR compliant surveys in 2020
- Eliminate sensitive data: Analyze the amount of survey data that carries a “high-risk” tag. Try to segregate all the data you possess, including the data managed by third parties. Get rid of unwanted, risky, and sensitive data that might cause a violation of the GDPR or the forthcoming CCPA (California Consumer Privacy Act).
- Review the process: After ensuring your surveys are compliant with GDPR, review the data mapping process and check it against a broader definition of ‘Personal Information.’ Do check if your information mapping complies with the CCPA and other data protection laws.
- Appoint a legal adviser: Make sure that all the vendor agreements and contracts are reviewed by legal counsel.
- Handle right-to-delete requests actively: Prepare a concrete plan to respond to opt-out or deletion requests from the data subjects. In your case, data subjects will be the survey respondents participating in the GDPR survey.
- Privacy notice: It is a public document that needs to be published by any organization intending to conduct a survey in 2020. The document must explain the process adopted by the organization to process personal data and how it complies with the latest data protection policies.
- Rigid compliance framework: Ensure your data policies are in line with the GDPR and emerging CCPA guidelines at the time of creating a regulatory compliance framework. It will help you deal with a large chunk of data created daily.
- Flexible policies: Every organization conducting a survey in 2020 for data collection should be flexible enough to adapt to the rapidly changing data protection landscape.
How to create surveys that are GDPR compliant in 2020?
While there are rules to keep in mind that ensure complete data privacy and security of respondents, organizations can continue gathering data for their market research. They just need to be aware of the dos and don’ts. Below are some of the ways you can collect data using a reliable GDPR compliant survey platform.
- Anonymous survey: If you are conducting a survey anonymously without collecting personal data, then the GDPR implications do not apply to you. However, an anonymous survey carries an obligation to prevent respondents from being identified. It’s a study that is intended to collect information that in no way can be traced back to the respondent’s identity.
- Proof-of-Consent: According to Article 7 of the GDPR, survey respondents must give or sign the consent allowing organizations to collect and handle their data. Thus, conducting a GDPR survey in 2020 makes it mandatory to add proof-of-consent regarding the purpose behind collecting and processing personal data. Remember, timing does matter when asking for consent in such surveys. All the survey respondents need to give their consent before taking the survey.
- Data Protection Officer: Appointing a Data Protection Officer (DPO) is necessary for all the organizations handling a large amount of data.
- Data retention policy: Go ahead and conduct a GDPR survey in 2020 as long as the data you intend to collect is not sensitive. If the collected data is confidential, do not retain the information longer than required. As per the regulation, you are allowed to keep the data as long as you want it for benchmarking and further statistical analysis. However, you need to ensure that the data is stored securely.
- Data breach safety protocol: If a data breach occurs in your company despite all your efforts and measures, report the occurrence to the concerned supervising authority within 72 hours of its occurrence.
- Hire an online survey platform: An organization is allowed to hire the services of a reputed survey service provider for conducting a GDPR survey in 2020 and managing the data. However, organizations need to ensure that the appointed service provider is verified, GDPR compliant, and has a legal processing agreement in place. It is necessary to conduct thorough research before selecting an online survey service provider. Assess the survey solution provider on the scale of accessibility, availability, reliability, and quality of support. Last but not least, check if the survey platform you chose is ISO certified and has a trusted information management system.