The GDPR came into effect on May 25, 2018.
The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU. The GDPR primarily aims to give control to EU citizens and residents over their personal data and how it is processed.
The GDPR applies to any organization that processes the personal data of EU data subjects, regardless of whether the organization has a presence in the EU or whether the processing is conducted within the EU.
It is likely that the GDPR affects your organization if you collect, store, manage, or analyze personal data of any type, including email addresses.
As disclaimed at the top, we suggest you perform your own research and get legal advice on how the GDPR will affect your business. However, below are key points to consider:
When data is collected, it must be clear what is being collected and the purpose for collection and processing.
Data should only be used for the intended purpose; it should not be collected and stored for future possible use. Only the data needed to fulfil the intended purpose should be collected and processed.
Ensure data is stored only as long as is required, without unnecessary replication, and with appropriate controls and restrictions in place.
Organizations must be able to demonstrate to the governing bodies that they have taken the necessary steps appropriate for the risk their data subjects face. To ensure compliance, organizations must ensure that every step within the GDPR strategy is auditable and can be compiled quickly and efficiently.
The GDPR requires that you use commercially reasonable efforts to disclose clearly, and obtain consent to, any data collection, sharing and usage that takes place on any site and/or app. For the purpose of collecting survey results with FourEyes, you must manage consent and explain in clear terms how you intend to use the information.
FourEyes does not track you or your survey respondents outside of our website, use or share your data or your survey responses, and IP addresses are anonymized upon processing. You must obtain explicit consent from respondents in the EU if you are creating surveys that request personal data, such as:
FourEyes has been incorporating “privacy by design” since our inception, which has made becoming GDPR compliant relatively painless. With GDPR having taken effect on May 25, 2018, we want to assure you that we are fully compliant with the regulation.
As part of our “privacy by design” principle, and as mandated by the GDPR, we will continue to store your data and your respondents' data securely with very strict access policies in place.
Beyond ensuring that you are obtaining explicit consent for the collection of any personal data from users in the EU, you must respond in a timely manner to valid requests to delete a user’s data as well as requests to provide a copy of the user’s data to them.
When a respondent requests that you delete their data, you can use the Visual Reports tool to delete the individual’s data or to export to PDF to provide the requestor with a copy of their data.
To help locate the user’s data you can use filters on the Visual Reports page:
Ensure that the record data matches the individual requesting the deletion or export. You can then view the respondent report and choose to Download Report PDF and/or delete the report as appropriate to the request.