The General Data Protection Regulation (GDPR) becomes law on 25th May 2018, and the clock is ticking. With only a few months to go, SmartSurvey can provide you with the tools, GDPR templates, and consultancy services you need to become fully compliant by the deadline date.
What challenges exist for data collection?
The world is becoming increasingly digital, and purchasers are using multiple devices and channels to research and buy what they need. The expanse of choice, coupled with a poor digital experience, is eroding trust amongst consumers. The GDPR will increase the awareness of privacy issues and give you the opportunity to re-establish trust with your customers.
Under proposals outlined by the government, individuals will have more control over what happens to their personal data. The UK’s Digital Minister Matt Hancock stated, "The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world."
Proposals included in the bill will:
- Make it simpler for people to withdraw consent for their personal data to be used
- Let people ask for data to be deleted
- Require firms to obtain "explicit" consent when they process sensitive personal data
- Expand personal data to include IP addresses, DNA and small text files known as cookies
- Let people access the information organisations hold on them much more freely
- Make re-identifying people from anonymised or pseudonymised data a criminal offence
This places a strong burden on organisations to protect data, and the GDPR sets severe fines for organisations that fail to protect information or suffer a breach. Therefore, it’s more important than ever to select an online survey supplier with full GDPR compliance.
8 ways SmartSurvey can help you be GDPR compliant
Article 28 of the bill specifically says that you should only use a data processor that complies with GDPR, otherwise you are held responsible. So, what are the requirements for a data processor like SmartSurvey?
#1: Data security
Survey suppliers must implement appropriate technical and organisational measures and take reasonable steps to secure data. At SmartSurvey, we take data security very seriously and have robust staff training lessons, exercises, and various policies to promote and ensure GDPR compliant technical and organisational measures.
ISO 27001 certified: We are fully compliant with the internationally recognised standard for information security management systems (ISMS). The standard requires a systematic examination of any risks to information security, with comprehensive policies in place to manage those risks. By continuously updating our data security policies, we ensure that we are a proactive organisation, not a reactive one. Accredited certification to ISO 27001 validates that we are following international information security best practices. This demonstrates to our customers worldwide that we take the security of their data very seriously, ensures that all our clients’ information is kept secure, and shows our ongoing commitment to delivering an exceptional service.
Cyber Essentials Plus Certified: SmartSurvey is Cyber Essentials Plus Certified, a scheme designed to prevent the most prevalent forms of cyber-attacks and provide a higher level of assurance, tested by a qualified and independent assessor who simulates basic hacking and phishing attacks. The scheme is now a minimum requirement for bidding for some government contracts.
Access Control: Respondents’ access to surveys can be controlled by username and password protection. This feature ensures that only a certain group of individuals, chosen by you, the administrator, are able to take the survey.
Firewall: Our firewall is set up as a separate machine that acts as a gateway for access to all other servers in our system. This firewall is designed to prevent hackers from entering the system and searching files and information. The firewall acts as a barrier so that we only have a single point of entry to our system, which is through the web browser. All of our internal databases and applications are shielded from any access outside the firewall.
McAfee Secure: SmartSurvey is tested and certified daily to pass the McAfee Secure Security Scan. To help address concerns about hacker access to confidential data, the "live" McAfee Secure mark appears only when a website meets the McAfee Secure standards.
HTTPS encryption: While we use HTTPS encryption to protect sensitive information online, we also do everything in our power to protect user information offline. All of our users’ information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who require access on a need-to-know basis are able to view it.
#2: Process personal data only in accordance with your instructions.
SmartSurvey takes exceptional care in understanding how you want the data to be processed. Our Data Protection Officer (DPO) is always on hand to assist you with this. Our solutions, both general and bespoke, always give you the control to process the data in a way which is GDPR compliant.
#3: Breach notification
We will inform you where we believe that following your instructions would result in a breach of GDPR. SmartSurvey’s DPO oversees how data is stored and transferred, and is responsible for training the relevant staff. When someone identifies or suspects a breach of GDPR, it is instantly escalated to our DPO, who investigates the issue and communicates his findings to reach a solution which helps you comply.
#4: Delete or return all personal data at end of service
SmartSurvey provides you with access to all of your data through your account; it can be backed up, rectified, or deleted in accordance with your needs.
#5: Enable compliance audits and help you with them
SmartSurvey takes a strong stance on helping its customers carry out compliance audits and helps you remain compliant while using our service.
#6: Notify data controllers of data breaches
We have robust systems that notify us when a data breach occurs. As soon as SmartSurvey discovers that a data breach has occurred, or even suspects one, it will communicate this to you and provide you with all the details you need to comply with your GDPR breach notification responsibilities.
#7: Appoint a DPO when required under the Regulation.
SmartSurvey has appointed a DPO and has a data protection team handling all aspects of data protection and privacy – ranging from cyber security to legal compliance.
#8: Restrict Personal data transfer to a third country.
Any survey respondents’ data always remains in the UK, where we store it. Any other client files you share with us remain in the EEA unless you choose another method of communication, e.g. email. In such cases, we ensure from our side that our email provider caters for storage of emails in the UK, or we would insist on its use of the Standard Model Clauses and, where appropriate, the EU-U.S. Privacy Shield Framework.
GDPR Templates - next steps to be compliant
We can help you keep it simple: our technology and clear design mean that your data compliance will be taken care of when collecting data. SmartSurvey can assist you on your GDPR compliance journey and provide you with access to our GDPR Toolkit. Benefit from a detailed GDPR checklist, template forms that can be tailored to your organisation’s needs, and advice from our expert consultant to ease you through the process of complying with GDPR.