GDPR Compliance

The GDPR came into effect on May 25, 2018.

This page is for informational purposes only. We strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU. The GDPR primarily aims to give control to EU citizens and residents over their personal data and how it is processed.

Who does the GDPR apply to?

The GDPR applies to any organization that processes the personal data of EU data subjects, regardless of whether the organization has a presence in the EU or whether the processing is conducted within the EU.

The GDPR likely affects your organization if you collect, store, manage, or analyze personal data of any type, including email addresses.

What are the key aspects of GDPR?

As noted in the disclaimer at the top, we suggest you perform your own research and get legal advice on how the GDPR will affect your business; however, the key points to consider are:

FAIR AND TRANSPARENT PROCESSING

When data is collected, it must be clear as to what is being collected and the purpose for collection and processing.

RESTRICTION TO THE INTENDED PURPOSE

Data should only be used for the intended purpose; it should not be collected and stored for possible future use. Only the data needed to fulfil the intended purpose should be collected and processed.

LIMITS ON STORAGE OF PERSONAL DATA

Ensure data is stored only as long as is required, without unnecessary replication, and with appropriate controls and restrictions in place.

ACCOUNTABILITY

Organizations must be able to demonstrate to the governing bodies that they have taken the necessary steps appropriate for the risk their data subjects face. To ensure compliance, organizations must ensure that every step within the GDPR strategy is auditable and can be compiled quickly and efficiently.

Managing Consent

The GDPR requires that you use commercially reasonable efforts to disclose clearly, and obtain consent to, any data collection, sharing and usage that takes place on any site and/or app. For the purpose of collecting survey results with FourEyes, you must manage consent and explain in clear terms how you intend to use the information.

FourEyes does not track you or your survey respondents outside of our website, does not use or share your data or your survey responses, and anonymizes IP addresses upon processing. You must obtain explicit consent from respondents in the EU if you are creating surveys that request personal data, such as:

  • Biographical information, such as dates of birth, Social Security or tax identification numbers, phone numbers and email addresses.
  • Physical attributes and behaviour, such as eye colour, weight and physical or behavioral traits.
  • Workplace and educational information, such as salary, tax information and student identification numbers.
  • Religion, politics, location, such as religious affiliation, political opinions or involvement and location data.
  • Health and genetic information, such as medical conditions or history, genetic information, and leaves of absence from work.

How FourEyes helps you be GDPR compliant

FourEyes has been incorporating “privacy by design” since our inception, which has made becoming GDPR compliant relatively painless. With GDPR having taken effect on May 25, 2018, we want to assure you that we are fully compliant with the regulation.

As part of our “privacy by design” principle, and as mandated by the GDPR, we will continue to store your data and your respondents’ data securely, with very strict access policies in place.

Beyond ensuring that you are obtaining explicit consent for the collection of any personal data from users in the EU, you must respond in a timely manner to valid requests to delete a user’s data as well as requests to provide a copy of the user’s data to them.

Deletion requests

When a respondent requests that you delete their data, you can use the Visual Reports tool to delete the individual’s data, or to export it to PDF to provide the requestor with a copy of their data.

To help locate the user’s data, you can use filters on the Visual Reports page:

  • Click the Show Filters button.
  • Under Conditional filters, select the question that would include their personal data, such as name or email address.
  • From the Choose a validation drop-down menu, choose a custom value.
  • In the text box next to the validation, enter their personal data, such as name or email.
  • Click the Add Condition button, then the Apply Filters button.
  • You should now see possible records pertaining to this user.
  • Click the Review all responses button to access individual reports.

Ensure that the record data matches the individual requesting the deletion or export. You can then view the respondent report and choose Download Report PDF and/or delete the report, as appropriate to the request.