SurveyToGo and GDPR


SurveyToGo contains specific GDPR settings aimed at Data Controllers using SurveyToGo to collect Personal Identifiable Information. The GDPR settings are both organization-wide and survey/question specific. Please read this guide carefully to learn about all the available settings and how to use them.


Organization-Wide GDPR Settings

The Organization-wide GDPR settings enable you to self attest that you are a compliant Data Controller. Please note though that this is only possible for customers that have the HTTPS/SSL upgrade active as transmitting data in encrypted format is a requirement for secure data transmission and as such, if HTTPS/SSL is not active for your account the self attested compliant settings can't be set. Read here about how to upgrade your organization to use HTTPS/SSL for secure encrypted data communication for your organization.  To access the GDPR settings:

Right click the "Organization" node and select "Organization Properties":


Then switch to the "GDPR" tab:

The following settings are available:

Setting Description
GDPR Compliance Allows you to self attest that you are a GDPR Compliant Data Controller. 
GDPR DP Officer Details URL A link to a page on your company website with information about your company Data Protection Officer including his/her contact details. 
GDPR Privacy Policy URL A link to a page on your company website which includes the Privacy Policy, Data Protection Policy and any other Policy you deem important that EU Citizens have access to in order to be a compliant Data Controller. 
GDPR Lead Supervisory Authority (LSA) URL A link to a page on your company website which details your GDPR Lead Supervisory Authority (LSA) 


Survey Related GDPR Settings

As you are setting up your survey script that will be used to collect data, SurveyToGo enables you to configure the following GDPR related settings:

Setting Scope Description
PII (Personal Identifiable Information)  Question For each question you can signal that the question contains Personal Identifiable Information (PII). Click here to learn more about PII Questions.
GDPR Consent Question Survey One question in the survey can be marked as a GDPR Consent question. This is usually a yes/no question (but can be any other type) asking the EU citizen to provide consent for collecting data about him/her. This will later allow you as a Data Controller to more easily locate the specific consent given by the EU Citizen for any interview.
GDPR Respondent Unique Identity Key Survey One question in the survey can be marked as a GDPR Respondent Unique Identity Key. This question usually will contain the ID number of the EU Citizen, Phone number or any other unique number/text that allows you as a Data Controller to later locate the respondent to more easily service his/her GDPR related requests. 

All the above settings are set from the question "Advanced" tab: 


Setting Scope Description
GPS Decimal Accuracy Limit Survey The decimal accuracy needed when GPS is captured in digits.
Subject Location is Private Information Survey Enable if you would like the subject location to be set as Private Information for the survey.

All the above settings are set from the Survey "GDPR" tab:

Exporting of GDPR Survey Variables

Once you configure all the GDPR settings of the survey, when you later export the data SurveyToGo allows to check the box: "Export GDPR variables". This will add GDPR related variables at the end of the Data Output file . The GDPR variables will include the consent, the respondent unique identity and any PII question and all will be marked with specific GDPR prefixes. This will enable you to more conveniently locate the GDPR related data, standardize your filing of GDPR related collected data on your end and allow for easier servicing of GDPR related queries from EU Citizens. Here is how to export GDPR related variables:

During the export wizard, in the Data Options tab, check the "Export GDPR variables box:



To better explain what this option will do, lets consider this short example survey with the following 6 questions:


 In this survey, Q_Willing will be our GDPR Consent question, Q_Phone will be the GDPR Unique Respondent Identity question and Q_Address will be marked as a PII question. The other questions are not collecting any PII.

Now, after filling in 3 complete interviews, we will go ahead and export the data to Excel and check the "Export GDPR Variables" box. The file we will receive will contain the standard output data of all the question variables:


However, at the end SurveyToGo will add another set of GDPR specific variables:


These variables represent the GDPR Consent question, GDPR Respondent Unique Identity question and any PII questions marked in the survey. This easy layout of all the GDPR related variables at the end of the Data Output file will make it super convenient for Data Protection Officers and Data Processing teams to access and classify the GDPR related data without the need to know specific survey related variable names as all the GDPR related data is classified in standard variable prefixes and is located at the end of the Data Output file. In our example, while Q_Willing and the GDPR-Consent variables are essentially the exact same (As Q_Willing is marked as the consent question), The Data Processing/Protection teams do not need to know that in this survey Q_Willing is the consent question, because the GDPR-Consent generic variable can be accessed and is the same across all surveys regardless of the survey specific question variable.


Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


1 comment
  • very very very good

    Comment actions Permalink

Please sign in to leave a comment.