The General Data Protection Regulation (GDPR) is a regulation intended to strengthen and unify data protection for all individuals within the European Union. We have created a few tools to make it easy for the controller to create GDPR compliant surveys.
The general features are quite simple. For all new quests created after the 25th of May 2018, GDPR will be enabled by default. This means that the controller will have to create a GDPR statement describing the purpose, duration etc. of collecting the data, and that the data subject will have to accept this on a comply page in order to respond to the quest. Moreover, the controller must make sure to flag any question containing personal data (by default, all open answer questions, as well as any uploaded respondent data, will be pre-flagged as personal data). When the retention period set for the personal data is up, all data flagged as personal (as well as the IP address) will be deleted from the system, and the respondent’s e-mail address will be anonymized.
We provide the following features:
The controller can create and edit GDPR statements, that can be used as templates when setting up a GDPR compliant quest.
The controller can apply and edit GDPR settings on GDPR enabled quests
The controller can flag and un-flag questions and respondent data as personal data
Data subjects will be presented with a comply page containing the GDPR statement and will have to comply to this in order to answer the quest.
GDPR settings accordion introduced to quest settings:
Make this quest GDPR compliant: Enables/disables the GDPR feature on the quest. When enabled, the data subject will be presented with the information provided in the input boxes and will have to comply to the terms in order to be able to respond to the quest.
Define personal data questions: Opens a window where the controller can flag questions and respondent data as personal data:
Load template: this opens a window for selecting an existing template (templates are managed in the GDPR Statement Manager). Templates can be used as-is or tweaked to match the individual quest by modifying the data filled into the input fields. Templates work by copy, i.e. modifying data in the GDPR settings, will not affect any loaded template. Note that all fields except Retention period can be part of a template.
Save as template: this opens a window for saving the data currently provided in the GDPR settings as a template (all provided data except the Retention period will be included in the template). The template can be further modified in the GDPR Statement Manager.
Retention period: This defines how long the personal data will be stored before being deleted from the system. The retention period is calculated from the moment the data subject complies to the GDPR statement (more precisely: from the moment the data subject clicks next or submit on the first page of the quest). If the controller selects “Unlimited”, he/she will have to provide information in the field “Please explain criteria used to determine the retention period”.
Welcome message: This is a message that will be displayed above the GDPR statement on the consent page the data subject is presented with.
The rest of the fields are described here:
Next to the input field for “Purpose of each processing operation for which consent is sought”, the controller has access to a set of pre-defined purpose statements that can be used when creating GDPR statements:
In Quest designer, the controller can easily see which questions and/or respondent data are flagged as personal data:
The controller has two ways of flagging questions and/or respondent data as personal data inside quest designer:
1. From question settings:
2. From Other actions > set properties on multiple questions:
In this window, we have in addition to adding the personal data set, also carried out the following changes:
Included respondent data
Introduced the “Type” column in order to distinguish between questions and respondent data.
GDPR Statement Manager
Access the GDPR Statement Manager from the side menu:
Like all managers in ESS, the user will have access to their own GDPR statements as well as the statements other users in the account have shared:
Shared statements will be shared with all users on the account. Users can use and edit other users’ shared statements, but only delete or un-share their own.
Each statement is mono-lingual, so translations are carried out by creating multiple versions of the same statement, each in their own language.
When creating and/or editing a statement, the controller has access to the same fields as described in “Quest settings” above, with the exception of retention period, which is treated as a quest-specific setting. In addition, he/she will have to tag the GDPR statement with a language using language control.
Before starting to answer a GDPR enabled quest, the data subject must comply to the consent page:
The main consent page will display the following data:
Welcome message (if it contains data)
Purpose of each processing operation for which consent is sought (a.k.a. the purpose statement)
Company name (controller)
Controller’s representative (if applicable) (if it contains data)
The rest of the fields are available by clicking the “here” link:
Deletion of personal data
Any personal data collected before 25th of May, 2018 has been automatically deleted.
Deletion of personal data from responses received prior to enabling GDPR on the quest
You have the option to delete personal data that was collected before you activated GDPR settings for any particular Quest.
You have a running quest with 50 collected responses. The controller enables GDPR and flags a few questions as personal data. The automatic deletion will take care of any new responses coming in, but for the existing responses, pre-GDPR activation, the controller will have to click “Delete personal data pre-GDPR” in order to do the same with the 50 existing responses.
Export and deletion of individual responses
To be able to cater for the GDPR requirements, data subjects (respondents) can request to either have their personal data exported in a readable format or completely deleted. In short this will consist of expanding the current delete function in the responses grid on the follow-up page, as well as when viewing an individual response in follow-up.
When opting to delete a response, the controller will be presented with two options:
Delete complete response (deleting every piece of data from and about a specific respondent)
Delete personal data (only delete data flagged as personal data (including IP address) and show respondent as anonymous.
The export in Essentials already caters for the export of personal data including the option to att IP address to the exported file.
Deletion of invitation data
When the controller uploads any respondent data (and an e-mail address or mobile number), we store this data in a database table separate from the table containing the responses. The system described above will therefore not be able to delete any data connected to the invitation – as opposed to the response. When the data subject responds to the quest, the uploaded invitation data is copied to the response table, and data flagged as the personal will of course be deleted from that table. The data will, however, remain in our system as part of the invitation. This is also true for data subjects who don’t answer the quest.
To cater for this, we will introduce a separate “invitation retention period” to the GDPR settings accordion, where the controller can define how long the data uploaded should remain in our system before being deleted. Moreover, we will also introduce a button for deleting the invitation data uploaded prior to enabling GDPR on the quest.
Example for employee engagement
Company name (controller)
Bogstadveien 54, Oslo
Controller’s representative (if applicable)
Kanzlei Vollpfeifen & Partner
Purpose of each processing operation for which consent is sought
The purpose for the processing of personal data for the defined use case is to comply with company regulations regarding continuous dialogue with employees about their work environment, job satisfaction, career opportunities and other elements relevant to their position in the company. Company will use the personal data in order to assess trends in employee satisfaction over years, in order to pinpoint areas where measures are needed for increased employee satisfaction, or to mitigate negative working environment.
What personal data will be collected and used
Name, email, IP address,
What special categories of personal data will be collected and used
sexual orientation, health information, trade union membership
Criteria used to determine processing period (if no retention period has been defined)
yes if unlimited retention period
after 250 survey are completed
Legal basis for processing
egitimate interest of controller or third party (if applicable)
evaluate and assess customer satisfaction, improve workplace culture and atmosphere
Recipients or categories of recipients of the personal data
HR, Senior managemant
Transfer of data to a non-EU/EEC country or international organisation, and safeguards
transfer to USA based on EU standards clauses
Statutory or contractual requirement (if applicable)
Automated decision making
Information on data subject rights
Information on right to withdraw consent
Information on supervisory authority
Name & contact details of data protection officer (if applicable)
Did you find an answer to your question? Under documentation we have gathered informative descriptions that helps you understand Essential's functionality fully. Through insight work, you raise the level of knowledge in the entire organization