How-to: Privacy Assistant (GDPR)
English | Deutsch
GDPR in EFS
Beginning on 25th May, 2018, the General Data Protection Regulation (GDPR) redefines the legal requirements to conduct surveys. Users who seek to obtain insights from their respondents have to follow new rules when they process personal data relating to respondents. Some of the key changes are:
The GDPR rises the bar for relying on valid consent for conducting surveys. A valid consent requires a clear, informed, explicit and affirmative statement from your respondents. Users must inform respondents about the survey in clear and plain language. Pre-ticked consent boxes are prohibited and will not serve as a valid consent.
When they collect and assess feedback data, users must to be able to demonstrate how they comply with the new data protection regulation, e.g. users must define the purpose of data processing prior to each survey.
Personal data shall not be kept longer than is necessary for the purpose of the processing, i.e. feedback assessment. This implies that there is a time limit how long personal data can be used after the survey. Therefore, users should define a retention period for respondent’s personal data after which such data will be deleted.
The GDPR provides respondents with several rights, including a right to object any data processing, a right to withdraw consent and to transfer their data in a commonly-used machine readable format.
Supervisory authorities have powers to impose significant fines of up to Euro 20million or 4% of total worldwide annual turn-over for users that do not comply with the GDPR.
If activated, Tivian’s Privacy Assistant
enables users to identify (“flag”) personal data prior to the survey to ensure complete and accurate deletion of personal data which is no longer needed after the survey.
supports users to create a “consent form” to obtain informed, explicit and valid consent from their respondents.
offers a library of purposes statements to provide adequate information to respondents about the purpose for data processing.
helps users to provide statutory information to their respondents as required by the GDPR, e.g. contact information, individual rights, retention period and many more.
allows users to create an information sheet for respondents on their personal data which can be exported (data portability).
Activating the Privacy Assistant
You activate the Privacy Assistant to conduct the surveys in accordance with the General Data Protection Regulation (GDPR) for new and existing projects. The Privacy Assistant is available for both new and existing projects and can be used for the following project types: Anonymous survey, Personalized survey, Employee survey, Panel survey, and Master data survey.
New projects
You activate the Privacy Assistant for a new project by ticking the corresponding option under the tab New project. The Assistant is already activated by default. The survey status can only be set to Active once the duration of data retention period has been configured. You deactivate the Privacy Assistant by unchecking the box.
You click on the info link to get a brief overview of the most important general data protection regulations for you as a user of Survey. There you will also find an overview of the scope of functionalities available in the Privacy Assistant.
Existing projects
For existing projects, you activate the Privacy Assistant by checking the Option under Project properties and clicking Save. The survey status is then automatically set to No further participations. This setting will remain in effect until you have configured the data retention period. This also applies to copies of projects that have been activated without the Privacy Assistant.
Path:
[Existing project] → Survey menu → Project properties → General options
The project status of a survey for which the Privacy Assistant was activated can be set to Active even if the consent form has not been configured, yet. Only the duration of data retention needs to be defined.
The Privacy Assistant, which can be activated subsequently for existing projects, applies to the surveys that are started after editing and saving the consent forum, i.e. for which consent must be given to participate.
If you set the status of a project to Active, the Privacy Assistant can no longer be deactivated.
The portability of personal data
If a data subject addresses the request to you as the data controller to have access to the personal data collected about him or her, please contact support. You pass on this person's code and/or e-mail address. TIVIAN provides you with an overview of personal information about that person in a common and readable format.
The deletion of personal data
The personal data will be deleted at the end of the retention period defined for a specific project. In addition, the data subject has the option of contacting the data controller if he or she wishes to have the data deleted. You provide TIVIAN with the e-mail address and/or code of the participant who wishes to be deleted. In this way the participants can be identified in the system.
Deletion of personal data by the controller
One way of independently deleting personal data of all participants in a project can be found in the Survey menu under Test and Validation, where you can click on the button Delete personal data under Reset survey.
The personal data of all participants with a disposition code higher than 12 will be deleted.
The deleted data will no longer appear in MySight after the automatic synchronization. The data will be removed from existing dashboards. The personal data that have been deleted can no longer be found in the detailed view of a project and the corresponding participant lists.
Deleting Participants
Participants who do not participate in a survey cannot give their consent to data processing. They have no access to the consent form. Nevertheless, the data of these participants will be stored in the participant administration. As of the Fall release, you will be able to delete this data.
You can tick the option "Automatic deletion of personal data" to activate this feature. After ticking this option, a period of time has to be defined. If a participant will not participate in the survey within this period of time the personal data (e-mail, first name, surname) will be deleted automatically. The disposition code 43 is described as Personal data deleted.
By default, the feature is disabled.
Automatic deletion of invited panelists
In the Panel configuration of the People module you have the new menu item Automatic deletion of invited panelists. Now you can automate the deletion of both the Tell-a-friend
panelists (module:
Panel Website) and the panelists with panel status (module: Portals).
Tell a friend: You check the option "Delete invited panellists without reaction after" and set the number of years, months or days after which the invited panellists who did not respond to the invitation should be deleted.
Panelist with panel status: You check the option "Delete invited panelists without response after" and set the number of years, months or days after which the invited panelists who did not respond to the invitation should be deleted.
In addition, you select the panel statuses of the panelists to be deleted.
Disposition codes
Participants who have one of the disposition codes 20, 21, 22 and 23 will receive the disposition code 43 after deletion of their personal data. The purpose of this new disposition code is that participants who are in an 'intermediate state' such as 'participant is responding' (disposition code 21) can no longer participate in the survey after the deletion of their data.
Participants who do not give their consent will receive the disposition code 42.
ACL rights
You can control the work with the Privacy Assistant by assigning three ACL rights. In Options under the menu item Team rights you assign write and/or read rights of the ACL rights to teams.
Right | Read | Write |
|---|---|---|
gdpr_activities |
|
|
gdpr_activities_log |
| |
gdpr_purpose_templates | Consent form templates can be:
| Consent form templates can be:
|
The GDPR settings in the Questionnaire editor
After activating the Privacy Assistant, the next step will be to edit a Consent form. By using the Consent form, you inform the participants about the purpose of the data processing and the most important privacy information such as the name of the company, the contact data, the representation or the type of personal data and their use. You also specify the retention period.
You will find the GDPR settings area in the questionnaire editor, where you can define the data retention period and edit the consent form, mark personal data and create the consent form in different languages.
The GDPR menu can be opened under the menu item by either marking one of the links Personal data flagging, Duration of data retention or Consent form or clicking on the Edit icons.
Configuration of the languages of the consent form
The colored background of the three sections indicates whether and to what extent the sections are configured. The data retention period will turn green as soon as you specify a duration, either Exact or Unlimited. The new “Status” column shows you which languages have already been configured. These are marked either red (not configured) or green (configured). The overall status of the consent form results from the configuration status of the individual languages. Three statuses can be displayed in color:
Red: Neither the default language nor any of the other languages have been edited.
Yellow: The default language has been configured, but at least one of the other languages has not been configured.
Green: All languages have been edited.
If the consent form has the "Yellow" status, the consent form is considered as configured. By clicking on the menu item Personal data flagging, Data retention period or Consent form you will reach the GDPR settings, where you will find an overview area under the menu item "Mark personal data", which lists, among other things, all participant variables used in the project and questions used in the questionnaire, which you can mark here as personal data.
Depending on which team (e.g. administrator) you belong to, you have write and/or read rights to configure the language. You configure the language of the consent form for which your team has write permission. You can only read the content of the consent form in the languages for which your team has the read permission. If your team has neither read nor write permissions, the created languages are only listed in the questionnaire editor without you being able to read or edit them.
The flagging of personal data
For each question and variable you create, you have the option to tick "Flag question as personal data" resp. "Flag as personal data". Under the menu item Personal data flagging in the Questionnaire editor, you get an overview of participant variables and questions that were selected as personal data. In addition to this, you can mark other participant variables used in the project and questions that have not yet been marked as personal data.
The flagging of questions as personal data
For each question you create, you can select the checkbox next to “Responses to this question contain personal data and should be deleted automatically as specified under Data retention period.” to flag the question as personal data.
Path:
[Existing project] → Survey menu → Questionnaire editor → Page → Question
The flagging of c_ and p_ variables as personal data
On the User-defined variables tab, you will create c_ and p_ variables that can be flagged as personal data by checking the corresponding option. These variables are not deleted, but the value is reset.
Flagging variables as personal data
For each variable that you create, you have the tickable option "Mark as personal data". In addition to the ability to flag variables as personal data, some variables listed in the table are flagged as personal data by default. This default setting cannot be deactivated.
Path:
[Existing project] → Survey menu → Participant administration → Participant variable
The following variables are marked as personal data by default.
Variables | Participant data | System user | Org user |
|---|---|---|---|
u_account | u_account | ||
u_email | u_email | u_email | u_email |
u_firstname | u_firstname | u_firstname | u_firstname |
u_name | u_name | u_name | u_name |
u_mobile | u_mobile | u_mobile | |
u_mobile2 | u_mobile2 | ||
u_gender | u_gender | u_gender | u_gender |
u_country | |||
u_street | u_street | ||
u_phone | u_phone | ||
u_adress (all) | |||
u_city | u_city | ||
u_www | u_www | ||
u_zip | u_zip | ||
remote_addr | |||
participant_latitude | |||
participant_longitude | |||
remote_host |
Duration of data retention
Under the menu item Duration of data retention, you can specify the duration for which the data should be stored by ticking the "Exact" option, you can dispense with setting an expiration date by ticking the "Unlimited" option, or you select the option “Immediately on completion”. If you activate this option, personal data will be deleted immediately after the completion of the survey.
You specify the duration of the storage in years, months or days. The start of the storage period depends on the individual start of the survey for each participant. The data will be deleted automatically after this period has expired.
The retention period of the personal data that is listed in the Installation Log cannot be changed. This data is kept permanently, i.e. until the project is deleted.
The default value for the retention period of personal data for Login Log or Admin Log is 90 days. You can increase this value. The maximum value is 360 days.
Consent form
You edit the privacy consent form in the questionnaire editor to use it for the current project. Before the survey will start, the consent form is going to be presented to the participants.
The sections of the consent form
Survey language and welcome message
Use the drop-down list to select a language. The default language is the default language of the survey. You create a welcome message, for which placeholders and known formats can be used.
In the section "Survey language" you generate a record, which allows you as the data protection officer or the data protection officer to print out and archive the consent form together with the entries in the configured languages. In this print version, additional information such as comment, date and options can be ticked.
Use the Preview button to call the questionnaire preceded by the consent form.
The selection of the consent form template
You use one of the templates created in Libraries by selecting one of these consent form templates via the drop-down list. The selection of the templates that are displayed to you depends on the language you have previously selected. The Manage templates link takes you to the Libraries where the consent forms created are managed.
Purpose statement
You use this text field to explain the purpose of the data processing. No content specifications will be made by TIVIAN. Filling in this field is mandatory.
Privacy information
In this section, you have three radio buttons at your disposal that allow you to decide, depending on the project requirement, whether you want to create a consent form and privacy notice, create a consent form, or create a privacy notice. The selection made regulates which of the fields appear and can be filled in.
GDPR Consent messages
You can maintain the labels of the consent form central. You enter the corresponding labels in the selected language, which will then be displayed in the questionnaire view.
Portal registration
It is possible to obtain consent to process personal data from new users registering on your portals. When the setting is configured, the portal login dialog has a second checkbox under the Register tab.
You activate this under General settings in the CMS of Portals by ticking the option “Activate Privacy consent form”.
Configuring the consent form in the People module
In the module People under Panel configuration you will find the menu item “Consent form”, where you can create the consent form for the purpose of registering a panelist. In order to be able to use this feature to capture the consent of future portal participants, you must configure the consent form in default language, otherwise the checkbox will not be displayed. One configuration applies to all portals. This feature is available both for the login dialog via the portal and for inviting other panelists via e-mail. Otherwise the checkbox is not displayed.
In the People module, you have a language overview under the menu item Consent form configuration of the Panel configuration, so that you can immediately recognize in which languages the consent form has already been created.
Export and import including DSGVO messages (Language editor)
From now on, you can also export the headings and values of the approval form and the approval message using the export in the Language editor, provided the DSGVO option has been activated.
Libraries: Consent form templates
You do not have to configure the consent form for each project, but create consent forms under Libraries, which you will use when creating an consent form as required. Pre-filled forms depicting the most common use cases can also be found there, so that you have GDPR-compliant consent forms by means of minor but indispensable adjustments to your own project circumstances.
Path:
Navigation bar → System → Libraries → Consent form templates
Templates overview
Under the menu item Consent forms templates you will find a search, the three buttons Create template, Import templates and Export all templates and an overview table of the created templates.
You can edit, copy or delete existing form templates by clicking on the pen, copy or delete icon in the right column. You change the permissions, i.e. who has access to the consent form template, by clicking on the permission icon.
You have a language identifier that allows you to filter the consent form templates by language.
Create new template
To create a new form template, you click on the button Create template. Fields marked with an asterisk are mandatory and must be completed. The following fields are available:
Language identifier
You assign the consent form template to a language by ISO code so that you can select it in the questionnaire editor matching the language of the survey.
Name, description, content
You give the template a name and write a short description text. Enter the purpose of the data processing in the free text field "Content".
Privacy information
You can also enter the data protection information in advance in order to save it as a template. You specify:
Company name (controller)
Contact details
Controller's representative (if applicable)
What personal data will be collected and used
What special categories of personal data will be collected and used
Legal basis for processing
Recipient or categories of recipients of the personal data
Transfer of data to a non-EU/EEC country or international organisation, and safeguards
Statutory or contractual requirement
Automated decision making
Information on data subject rights
Information on right to withdraw consent
Information on supervisory authority
Name & contact details of data protection officer
Import templates
Use the Import templates button to download and upload consent form templates.
You proceed as follows:
Click on Download import template and select a target directory. The template is downloaded as an Excel file.
To import a Consent form template, select a file by clicking the appropriate button and saving it.
Select action
The overview table has the Export template and Delete template actions, which you can use for all templates on the page, for all templates created at all, or just for individual templates.
GDPR activities Log
A table is available under GDPR activities Log, which informs you about the GDPR activities by means of the columns data, actions, user and log entry.
In the People module under the menu item GDPR activites Log of the main navigation you call up the same table.
© 2022 Tivian XI GmbH