GDPR in Quest Settings
Under GDPR Settings you may enable/disable the GDPR feature on the Quest.
When enabled, the data subject will be presented with the information provided in the input boxes and will have to comply to the terms in order to be able to respond to the Quest.
- To enable or disable, navigate to Settings in the top pane, then GDPR Settings in the menu below. When you tick off the box next to Make This Quest GDPR Compliant, the data subject will be presented with the information provided in the input boxes and will have to comply to the terms in order to be able to respond to the Quest.
- The first thing you will see is a button called Define Personal Data Questions. If you click on it a window opens where the controller can flag questions and respondent data as personal data.
- Further down below you will see several template input fields:
Load template: this opens a window for selecting an existing template (templates are managed in the GDPR Statement Manager). Templates can be used as-is or tweaked to match the individual quest by modifying the data filled into the input fields. Templates work by copy, i.e. modifying data in the GDPR settings, will not affect any loaded template. Note that all fields except Retention period can be part of a template.
Save as template: this opens a window for saving the data currently provided in the GDPR settings as a template (all provided data except the Retention period will be included in the template). The template can be further modified in the GDPR Statement Manager.
Retention period: This defines how long the personal data will be stored before being deleted from the system. The retention period is calculated from the moment the data subject complies to the GDPR statement (more precisely: from the moment the data subject clicks next or submit on the first page of the quest). If the controller selects “Unlimited”, he/she will have to provide information in the field “Please explain criteria used to determine the retention period”.
Welcome message: This is a message that will be displayed above the GDPR statement on the consent page the data subject is presented with.
- Next to the input field for “Purpose of each processing operation for which consent is sought”, the controller has access to a set of pre-defined purpose statements that can be used when creating GDPR statements: