Those dreaded letters, G.D.P.R! The new European data protection regulation introduced fear in the marketplace with its menacing fines and broad reach.
Organizations have scrambled to figure out how to comply. And what does compliance even mean on a day-to-day level?
While GDPR has been in effect for a few months now, many survey organizations are still coming to terms with compliance. For some this has meant a total re-design of their data collection and storage process. For others it has been a more passive, wait-and-see approach. Where is your organization on this spectrum?
In assessing compliance requirements, it is important to bear in mind that, at its core, the GDPR is about protecting the privacy and security of personal data (also referred to as personally identifiable information, or PII). Personal data is data that can be used to directly or indirectly identify a survey respondent. The good news is that if this type of data is handled properly, much of the GDPR compliance falls into place. Nonetheless, compliance with GDPR can seem daunting when one is collecting personal data on a daily basis across hundreds of surveys.
So let’s look at compliance and handling personal data. As a first step towards compliance, follow industry best practices. Our industry associations have always advocated that researchers treat respondent data with care, safeguard such data and ensure they have consent from survey participants.
Second, ensure that the way your organization manages personal data in particular is consistent with the principles of GDPR. Ask yourself the following: In any given survey, do you know which of the data you are collecting is defined as ‘personal’ under GDPR? Where is it being stored? Would you be able to retrieve it quickly if a respondent asked for it? Do all of your employees really need access to personal data? Are you unnecessarily exposing personal data? What are you doing with personal data once you no longer need it for analysis? And so on!
By now, you should have a firm grasp on the answers to these questions. This matters not just for compliance; it also makes good business sense. Did you know that once you properly anonymise personal data the GDPR requirements no longer apply? This reduces both the compliance and financial burden of holding such data.
Be bold about GDPR. Take it as an opportunity to introduce best practices that govern the way your organisation protects the privacy of respondents. Use survey systems and tools that let your team manage personal data in a way that makes it easy to comply with GDPR.
Stay tuned for our next blog post on survey features for GDPR.