GDPR compliance
What is GDPR?
The General Data Protection Regulation (GDPR) is a data protection law that came into effect in the European Union (EU) on May 25, 2018. Following the UK’s departure from the EU, the UK implemented its own version, known as UK GDPR, which works alongside the Data Protection Act 2018.
GDPR is designed to give individuals greater control over how their personal data is collected, used, and stored. It applies to organisations operating in the UK and EU, as well as those outside these regions if they process the data of UK or EU residents.
For Jisc Online Surveys users, GDPR ensures that respondents’ personal information is handled transparently, securely, and with their consent.
Your responsibilities
The Online Surveys licensee (you or your organisation) acts as the Data Controller. Jisc acts as the Data Processor, only processing the licensee’s survey data in accordance with its instructions.
Compliance with the principles of GDPR, as far as respondent data goes, is the responsibility of the Data Controller. Users under each licence determine what data they collect from respondents, including whether they need to collect personal data at all, and if so, what they will do with it and how long they will keep it.
If you choose to collect personal data from your respondents, you must clearly state the purpose for collecting this data and how long it will be stored. Respondents have the right to request a copy of their stored data at any time and the deletion of their personal data under certain conditions.
How can Online Surveys help ensure compliance with GDPR?
Jisc has ensured that Online Surveys provides the tools you need so you can be compliant with GDPR. Here are some of the tools you can use:
Add a privacy notice to your survey
When creating your survey, we recommend the use of a privacy notice. This should explain to survey respondents how you plan to use any personal information you collect, and for how long you intend to keep it. Your organisation’s data protection officer may be able to provide advice and guidance on creating a suitable privacy notice for your survey.
You can use a Note to insert and format text content.
Obtain consent from your respondents
You can use a required choice question as a means of obtaining consent from respondents to process their personal data. You can use the screening feature to direct those who don’t consent away from the survey.
Delete a response
Users can delete an entire survey (and its data) and individual survey responses. This supports a respondent’s rights to erasure and rectification.
Support a respondent’s right to access their personal data
Users can download individual or all responses as they wish. This will allow you to provide a respondent with their response should they request it.
Security
Online Surveys is certified to ISO 27001– the recognised information security standard.
All Online Surveys user and respondent data is stored in the EU.