I was recently asked ‘is x compliant with the UK GDPR, where x was a popular online survey tool. My answer was ‘it depends’ and I really don’t like those answers, so I went on to explain that most software and online services are capable of being used in a way that is compliant with the UK GDPR and other data protection regulations, but it depends on how they are configured.
The survey tool in question is very popular, and there is no reason to prevent its use, but it must be properly configured. In the specific case of the client I mentioned, a flag needed to be set to enable an ‘Anonymous Responses collection’ option, and this would apply to most, but perhaps not all situations.
Where we act as DPO for charities, we always maintain a list of all software and online services, together with instructions on how they must be configured so that they are compliant. A challenged can be that the settings need to be checked each time, in this case every time a new survey is created.
So your DPO and your Tech team need to work together, and this will probably make a future guide for TinoPai members. For more information about the TinoPai programme, giving you access to our 20-minute insight calls, free webinars and more, please see https://zorva.info/what-is-the-tinopai-programme/