SurveyToGo contains specific GDPR settings aimed at Data Controllers using SurveyToGo to collect Personal Identifiable Information. The GDPR settings are both organization-wide and survey/question specific. Please read this guide carefully to learn about all the available settings and how to use them.
Organization-Wide GDPR Settings
The organization-wide GDPR settings enable you to self-attest that you are a compliant Data Controller. This is only possible for customers that have the HTTPS/SSL upgrade active: transmitting data in encrypted form is a requirement for secure data transmission, so if HTTPS/SSL is not active for your account, the self-attested compliance settings can't be set. Read here about how to upgrade your organization to use HTTPS/SSL for secure, encrypted data communication. To access the GDPR settings:
Right click the "Organization" node and select "Organization Properties":
Then switch to the "GDPR" tab:
The following settings are available:
| Setting | Description |
|---|---|
| GDPR Compliance | Allows you to self attest that you are a GDPR Compliant Data Controller. |
| GDPR DP Officer Details URL | A link to a page on your company website with information about your company Data Protection Officer including his/her contact details. |
| GDPR Lead Supervisory Authority (LSA) URL | A link to a page on your company website which details your GDPR Lead Supervisory Authority (LSA). |
Survey Related GDPR Settings
As you are setting up your survey script that will be used to collect data, SurveyToGo enables you to configure the following GDPR related settings:
| Setting | Level | Description |
|---|---|---|
| PII (Personal Identifiable Information) | Question | For each question you can signal that the question contains Personal Identifiable Information (PII). Click here to learn more about PII Questions. |
| GDPR Consent Question | Survey | One question in the survey can be marked as a GDPR Consent question. This is usually a yes/no question (but can be any other type) asking the EU citizen to provide consent for collecting data about him/her. This will later allow you as a Data Controller to more easily locate the specific consent given by the EU Citizen for any interview. |
| GDPR Respondent Unique Identity Key | Survey | One question in the survey can be marked as a GDPR Respondent Unique Identity Key. This question usually will contain the ID number of the EU Citizen, Phone number or any other unique number/text that allows you as a Data Controller to later locate the respondent to more easily service his/her GDPR related requests. |
All the above settings are set from the question "Advanced" tab:
Exporting of GDPR Survey Variables
Once you have configured all the GDPR settings of the survey, SurveyToGo lets you check the "Export GDPR variables" box when you later export the data. This adds GDPR related variables at the end of the Data Output file. The GDPR variables include the consent, the respondent unique identity and any PII questions, and all are marked with specific GDPR prefixes. This lets you locate the GDPR related data more conveniently, standardize how you file GDPR related collected data on your end, and service GDPR related queries from EU Citizens more easily. Here is how to export GDPR related variables:
During the export wizard, in the Data Options tab, check the "Export GDPR variables" box:
To better explain what this option does, let's consider this short example survey with the following 6 questions:
In this survey, Q_Willing will be our GDPR Consent question, Q_Phone will be the GDPR Unique Respondent Identity question and Q_Address will be marked as a PII question. The other questions are not collecting any PII.
Now, after filling in 3 complete interviews, we will go ahead and export the data to Excel and check the "Export GDPR Variables" box. The file we will receive will contain the standard output data of all the question variables:
However, at the end SurveyToGo will add another set of GDPR specific variables:
These variables represent the GDPR Consent question, the GDPR Respondent Unique Identity question and any PII questions marked in the survey. Because all the GDPR related variables sit together at the end of the Data Output file under standard variable prefixes, Data Protection Officers and Data Processing teams can access and classify the GDPR related data without needing to know survey-specific variable names. In our example, Q_Willing and the GDPR-Consent variable hold exactly the same data (as Q_Willing is marked as the consent question), but the Data Processing/Protection teams do not need to know that Q_Willing is the consent question in this survey: the generic GDPR-Consent variable can be accessed instead and is the same across all surveys, regardless of the survey-specific question variable.
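As an added example (not part of SurveyToGo or its documentation), the following Python sketch shows how a Data Protection team could use the generic GDPR variables to look up one respondent's data and to flag interviews that hold PII without affirmative consent, without knowing any survey-specific variable names. It assumes the export was saved as CSV; only `GDPR-Consent` is named on this page, so the `GDPR-Identity` and `GDPR-PII-` column names, the `InterviewID` column, the non-PII question names and the "Yes" consent value are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample: an export saved as CSV. Q_Willing, Q_Phone, Q_Address and
# GDPR-Consent are named on the page; every other column name is an assumption.
SAMPLE_EXPORT = """\
InterviewID,Q_Willing,Q_Phone,Q_Address,Q_Brand,Q_Rating,Q_Recommend,GDPR-Consent,GDPR-Identity,GDPR-PII-Q_Address
1,Yes,5550101,1 Example St,Acme,4,Yes,Yes,5550101,1 Example St
2,No,5550102,2 Example St,Acme,3,No,No,5550102,2 Example St
3,Yes,5550103,3 Example St,Other,5,Yes,Yes,5550103,3 Example St
"""

GDPR_PREFIX = "GDPR-"           # assumed common prefix of the appended variables
CONSENT_COL = "GDPR-Consent"    # named on the page
IDENTITY_COL = "GDPR-Identity"  # assumed name of the unique identity variable
PII_PREFIX = "GDPR-PII-"        # assumed prefix of the PII question variables


def _gdpr_rows(export_text):
    """Yield only the GDPR-prefixed fields of each interview row."""
    reader = csv.DictReader(io.StringIO(export_text))
    cols = [c for c in (reader.fieldnames or []) if c.startswith(GDPR_PREFIX)]
    if CONSENT_COL not in cols or IDENTITY_COL not in cols:
        raise ValueError("no GDPR variables found; re-export with the box checked")
    for row in reader:
        yield {c: (row[c] or "").strip() for c in cols}


def find_respondent(export_text, identity_key):
    """Return the GDPR fields of every interview matching a respondent's key."""
    key = identity_key.strip()
    return [r for r in _gdpr_rows(export_text) if r[IDENTITY_COL] == key]


def pii_without_consent(export_text, consent_value="Yes"):
    """Return identity keys of interviews that hold PII but lack consent."""
    flagged = []
    for r in _gdpr_rows(export_text):
        has_pii = any(v for c, v in r.items() if c.startswith(PII_PREFIX))
        if has_pii and r[CONSENT_COL].lower() != consent_value.lower():
            flagged.append(r[IDENTITY_COL])
    return flagged
```

Because the lookup keys only on the GDPR-prefixed columns, the same script works across exports from different surveys as long as each was exported with the GDPR variables included.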