As of 25-May 2018, the new EU General Data Protection Regulation (GDPR) law replaced the existing Data Protection Directive 95/46/EC. When technology-led information systems and digital businesses are creeping into every aspect of human life, adopting the GDPR marked a major milestone in EU’s data protection laws.
Since the beginning, securing your data is one of our prime concerns and will remain so. Right from the incorporation, QuesitonPro has been providing best-in-class security and will continue to do so. Whether it is HIPPA or GDPR, we will always have you covered.
We have a dedicated GDPR page to showcase how we comply with the GDPR rules and regulations. The page also contains a list of names and contacts of EU GDPR authorities by the nation.
Here are links to some pages you might find interesting
How QuestionPro prepared to become GDPR Compliant
QuestionPro’s efforts to become GDPR compliant began months before the GDPR act came into existence. We started early because we value our customers and we value survey respondents and their right to privacy. Since we are storing all the data on physical servers in EU, the GDPR Compliance and complying with national and international data protection and privacy laws was the first thing on our plate.
A glimpse of our journey to become GDPR compliant
- First, we conducted thorough research on how our product and the organizations using it will be impacted by the GDPR.
- As per the guidelines, we started by appointing a Data Protection Officer.
- Brainstormed ideas and strategies to address the specific areas in our product that we supposed will be hugely impacted by the GDPR.
- We carried out necessary updates and improvements to our product to ensure GDPR compatibility.
- Implemented necessary changes in our process and procedures to achieve complete compliance with the GDPR rules and regulations.
What QuestionPro users need to know?
There are few things every QuestionPro user needs to know depending on their jurisdiction and situation. Here are a few impactful changes that according to us might affect you
- Standard Processor Agreement – We usually have a standard processor agreement for all our customers listing our obligations as a data processor. We do realize that QuestionPro might also need to sign data processor agreements owned by individual enterprises. However, we sign such agreements only for customers having Enterprise Licenses. For all other customers, we have a standard DPA and for whatsoever reason, we will not modify or negotiate the language in the agreement.
- Data Processing Agreement – All the users situated in the European Union region might be interested to sign a typical data processing agreement with us, we will be more than happy to do so. We have already updated our data processing agreement for our users situated outside the EU but conducting surveys to collect data from the EU residents.
- GDPR compliant contracts – Carrying forward our commitment to become GDPR compliant, we have had DPA agreements with both – the data center providers and cloud infrastructure providers ensuring all our contracts are GDPR compliant.
|NOTE: Information collected through online surveys solely belong to the concerned researchers or organizations, not under any circumstances do QuestionPro reuse, sell, or share the respondent data.|
How to create a GDPR compliant survey
- To ensure your organization is GDPR compliant
- Login to your QuestionPro Account
- Go to Account > Compliance >> GDPR tab
- Checkbox: ON / OFF – GDPR Compliance.
|NOTE: The GDPR compliance button is turned on by default if we are on our EU servers. However, other DC users might have to turn it on manually as shown above. (The effect of GDPR survey settings is at an organizational level, not user level.)|
- Once you switch on the button to enable GDPR compliance, you will be redirected to a new page
- Fill in the information of the Data protection officer appointed in your organization.
- Fill all the information including name, office, email, phone number, and all such mandatory details.
- Hit ‘Save Changes’
- Ensure all updated information clearly conveys the reason for which you are conducting the survey, what you plan to do with the collected data, and how long do you intend to save the respondent data.
- ‘Deletion requests’ displays the details of the respondent who do not wish to share his/her information with you or wants his/her personal data removed from your database.
|NOTE: QuestionPro’s DP officer in rare circumstances can represent your organization, only if you have our enterprise customers with Edge Support Agreement or an Edge Service Contract.|
If you have any questions regarding our GDPR compliance commitment you can get in touch with our customer support team.