GDPR calls for a legal obligation for the notification to supervising authority regarding a data breach within 72 hours of knowing about it.
As such, due to the fact that QuestionPro operates pan-Europe and most companies collect data and impact citizens of multiple countries within the EU, GDPR allows for selecting a “Lead Supervising Authority” - QuestionPro has selected the Dutch - DPA as the lead supervising authority that governs data collected by QuestionPro. This is partly because our physical servers are located in the Netherlands.
In case of a data breach, at QuestionPro, we will be obligated to notify and DPA in the Netherlands.
In some cases, each of our clients may want to select their own Supervising Authority. Our customers must then use their own supervising authority and can notify them about a data breach as soon as we notify you.
In cases where there is a data breach without our involvement - example a laptop with data from survey respondents gets stolen, it is up to our clients to notify their own supervising authority regarding the breach.
QuestionPro will provide a mechanism to select the Lead Supervising Authority that each of our clients in the EU want.
This feature is available with the following licenses :