The General Data Protection Regulation (GDPR) is not far away and will place a strong burden on organisations to protect data! If you use online surveys to collect any kind of personal information, you need to know how to create GDPR compliant surveys. This guide will show you how in a few simple steps!
It is really easy to sign up and start collecting data, however, with the change in legislation taking place on 25 May, you need to know if the surveys you are sending out are GDPR compliant. This assurance will give your respondents the peace of mind that they have greater control over how their personal data is being used.
If your survey is asking for any type of personal information, you need to gain explicit consent from the respondent. This can be very easily done by inserting a question at the start of the survey explaining the type of data you will be collecting and what it will be used for. If respondents are happy to provide the information, they can continue to take part in your survey. If they do not consent, they can be easily sent to the end of the questionnaire where you can thank them for their time.
There is a wave of information flooding the internet about GDPR compliancy; however, let’s get granular and answer some of the most frequently asked questions about GDPR compliant surveys.
How to create GDPR compliant surveys
When creating a new survey, the first thing to consider is making it GDPR compliant. With one simple question at the start of the survey, you can ensure your respondents opt-in to completing your survey. Keep in mind that consent has to be freely given, it must be affirmative, and you must give respondents the ability to withdraw consent.
Steps to create a survey
- Sign up with a data processor that complies with the new GDPR legislation. Read our checklist on 8 ways SmartSurvey can help you be GDPR compliant when collecting data.
- Once you have signed up, login to your account.
- Create a new survey - It’s simple to create any type of survey, our easy-to-follow help guide in our Knowledge Base takes you through the process of creating a survey step-by-step.
- When you reach the survey design stage to start setting up your questions, you need to implement the first step in making sure your survey is GDPR compliant.
- In the first question, add your own specific instructions in the Question Text box – We have used the following example - ‘Do you agree to take part in this survey sent to you by (add the name of your organisation if necessary)?
- Make it clear to the respondents how you plan to use that data – in our example, we added, ‘The data collected will be used to improve the products and services offered to our customers’
- From the Question Type drop-down box, select Multiple Choice (Only One Answer).
- Select your Display Options.
- Type in your Answer Choices - Ensure each answer is typed on its own line:
- I am happy to take part in this survey sent to me by (your organisation name)
- I do not want to take part in this survey
- Click Add Question.
- Respondents that click the button saying they are happy to take part in your GDPR compliant surveys can continue to answer your questionnaire. Remember to make sure that you have the proper opt-out processes in place, using skip logic.
- If they click the button saying that they do not want to take part in your survey, they cannot continue with the questionnaire. You then need to set up Skip Logic to send the respondent directly to the Thank You Page of your survey.
- Create your own Thank You Page - here you can thank them for their time and explain why you require consent to collect personal data.
Helpful Tip* - set up all the questions in your survey before setting the skip logic rules.
GDPR consent example for email and marketing purposes
Depending on your business, you may have differing reasons for contacting consumers with GDPR compliant surveys. The new regulation sets a high standard for consent, offering individuals real choice and control. As the ICO’s guide on GDPR Consent specifies - Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.
You may want to itemise the different reasons that you will be contacting your customers, as shown in our example GDPR template form below.
Helpful tips on GDPR
- The introduction of GDPR gives organisations the opportunity to build trust in the marketplace. You can gain a competitive edge by communicating with customers in a more personal and engaging manner
- Consent requires a positive opt-in, as our guide to creating a GDPR compliant survey demonstrates. Don’t use pre-ticked boxes or any other method of default consent
- Guidance on complete GDPR compliance throughout your entire organisation is a job for your Data Protection Officer, but we can help you make sense of the bit of it relating to sending online surveys. Get in touch if you would like access to our GDPR templates
Consent to take part in your surveys may not always be required and may, in fact, be inappropriate or misleading at times, in these cases, there may be a different legal basis for processing data that may be more relevant. In some cases, it may be possible that the survey asks for absolutely no personal data and therefore, any such surveys would not require consent.
Find out how well prepared you are or if there are still some data protection issues you need to consider with our GDPR compliance checker. You will receive a review of each answer on the results page at the end of the survey. The IT Governance website provides more information on gaining explicit consent under the GDPR.
Disclaimer: This blog post does not constitute legal advice nor does it guarantee compliance with any legislation including GDPR. It is only intended as background information to supplement your knowledge and awareness. We recommend you obtain the advice of a suitably qualified individual for guidance and ensuring compliance.