Guide on creating GDPR compliant surveys

The General Data Protection Regulation (GDPR) is not far away and will place a strong burden on organisations to protect data! If you use online surveys to collect any kind of personal information, you need to know how to create GDPR compliant surveys. This guide will show you how in a few simple steps!

It is really easy to sign up and start collecting data, however, with the change in legislation taking place on 25 May, you need to know if the surveys you are sending out are GDPR compliant.  This assurance will give your respondents the peace of mind that they have greater control over how their personal data is being used.

GDPR header
GDPR compliance with data collection

If your survey is asking for any type of personal information, you need to gain explicit consent from the respondent. This can be very easily done by inserting a question at the start of the survey explaining the type of data you will be collecting and what it will be used for. If respondents are happy to provide the information, they can continue to take part in your survey. If they do not consent, they can be easily sent to the end of the questionnaire where you can thank them for their time.

There is a wave of information flooding the internet about GDPR compliancy; however, let’s get granular and answer some of the most frequently asked questions about GDPR compliant surveys.

How to create GDPR compliant surveys

When creating a new survey, the first thing to consider is making it GDPR compliant. With one simple question at the start of the survey, you can ensure your respondents opt-in to completing your survey. Keep in mind that consent has to be freely given, it must be affirmative, and you must give respondents the ability to withdraw consent.

Steps to create a survey

  1. Sign up with a data processor that complies with the new GDPR legislation. Read our checklist on 8 ways SmartSurvey can help you be GDPR compliant when collecting data.
  1. Once you have signed up, login to your account.
  1. Create a new survey – It’s simple to create any type of survey, our easy-to-follow help guide in our Knowledge Base takes you through the process of creating a survey step-by-step.
  1. When you reach the survey design stage to start setting up your questions, you need to implement the first step in making sure your survey is GDPR compliant.
  1. In the first question, add your own specific instructions in the Question Text box – We have used the following example – ‘Do you agree to take part in this survey sent to you by (add the name of your organisation if necessary)?
  1. Make it clear to the respondents how you plan to use that data – in our example, we added, ‘The data collected will be used to improve the products and services offered to our customers’
  1. From the Question Type drop-down box, select Multiple Choice (Only One Answer).
  1. Select your Display Options.
  1. Type in your Answer Choices – Ensure each answer is typed on its own line:
  • I am happy to take part in this survey sent to me by (your organisation name)
  • I do not want to take part in this survey
GDPR compliant surveys
Creating GDPR compliant surveys
  1. Click Add Question.
GDPR compliant surveys
Example of GDPR compliant surveys
  1. Respondents that click the button saying they are happy to take part in your GDPR compliant surveys can continue to answer your questionnaire. Remember to make sure that you have the proper opt-out processes in place, using skip logic.
  1. If they click the button saying that they do not want to take part in your survey, they cannot continue with the questionnaire. You then need to set up Skip Logic to send the respondent directly to the Thank You Page of your survey.
  1. Create your own Thank You Page – here you can thank them for their time and explain why you require consent to collect personal data.

Helpful Tip* – set up all the questions in your survey before setting the skip logic rules.

GDPR consent example for email and marketing purposes

Depending on your business, you may have differing reasons for contacting consumers with GDPR compliant surveys. The new regulation sets a high standard for consent, offering individuals real choice and control. As the ICO’s guide on GDPR Consent specifies – Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.

You may want to itemise the different reasons that you will be contacting your customers, as shown in our example GDPR template form below.

GDPR compliant surveys
GDPR consent templates

Helpful tips on GDPR

  • The introduction of GDPR gives organisations the opportunity to build trust in the marketplace. You can gain a competitive edge by communicating with customers in a more personal and engaging manner
  • Consent requires a positive opt-in, as our guide to creating a GDPR compliant survey demonstrates. Don’t use pre-ticked boxes or any other method of default consent
  • Guidance on complete GDPR compliance throughout your entire organisation is a job for your Data Protection Officer, but we can help you make sense of the bit of it relating to sending online surveys. Get in touch if you would like access to our GDPR templates

Consent to take part in your surveys may not always be required and may, in fact, be inappropriate or misleading at times, in these cases, there may be a different legal basis for processing data that may be more relevant. In some cases, it may be possible that the survey asks for absolutely no personal data and therefore, any such surveys would not require consent.

Find out how well prepared you are or if there are still some data protection issues you need to consider with our GDPR compliance checker. You will receive a review of each answer on the results page at the end of the survey. The IT Governance website provides more information on gaining explicit consent under the GDPR.

Disclaimer: This blog post does not constitute legal advice nor does it guarantee compliance with any legislation including GDPR. It is only intended as background information to supplement your knowledge and awareness. We recommend you obtain the advice of a suitably qualified individual for guidance and ensuring compliance. 

GDPR Compliance for Data Collection

Find out more about being GDPR compliant

ENQUIRE HERE

4 thoughts on “Guide on creating GDPR compliant surveys

  1. GDPR is all about having the purpose of your survey out in the open seeking active consent from participants. This article provides some really great tips on how to create a survey the right way when it comes to the policy. Quite insightful!

  2. I don’t think this article adequately addresses all the requirements of GDPR. For example:
    – the need to declare up front, when capturing consent, now long the data will be retained for, and the need for a process for deleting the data after that period
    – the right of the individual to withdraw consent and be forgotten – meaning you need a process for identifying and deleting their response
    – Subject Access Requests – how people can raise them and your process for responding

    1. Hi Mike, thanks for your feedback, you are correct that there are many different requirements for GDPR compliancy. Our aim with this blog was to cover how to create a new survey and add a question at the start to ensure that respondents opt-in to completing the survey. If you would like to talk to us regarding any of the other areas that you mention, please get in touch with the support team, they would be happy to help.

Leave a Reply

Your email address will not be published. Required fields are marked *