Embracing the GDPR – 3 Maptionnaire Privacy Updates You Should Be Aware Of

It’s no longer news that the EU’s General Data Protection Regulation (GDPR) came in to effect on May 25th. Everyone’s inboxes have been flooded with notices of renewed privacy policies. At Maptionnaire we welcome the idea behind the new requirements for companies to be more transparent and give people more control over their data. We’ve worked hard to ensure that our service and your Maptionnaire experience live up to the philosophy.

In addition to publishing a renewed General Terms and Conditions and Privacy Policy that aim to clarify how we handle personal data, we’ve done some practical GDPR-related updates to the Maptionnaire service. They are as follows.

New General Terms and Conditions (GTC)

The new GTC will automatically be applied to all new Maptionnaire users. But if you already have a Maptionnaire account, the next time you sign in you will see a dialog asking you to accept our new GTC. While at it, you can also update your preference for receiving our newsletter. This dialog will open one time only. The newsletter preference can also be changed later in your user settings.

 

Set Privacy Policies for Sensitive Data Collection

The GDPR requires that institutions keep Personally Identifiable Information (PII) safe. For our customers, this means that in the case of collecting such information in a survey, your questionnaire must include a Privacy Policy for the respondents to review and accept. The Policy needs to clarify what you will be doing with the data.

A screenshot of the new “Data and Privacy Settings” section

A screenshot of the new “Data and Privacy Settings” section

To facilitate this, every questionnaire now has a new “Data and Privacy Settings” section available in the editor. Here you can upload a Privacy Policy document for your questionnaire. You are free to design the document as you like but to make things easier for you, we’ve provided a template you can use – Download it here. We recommend making your Privacy Policy document a PDF file.

If your institution collects Personally Identifiable Information on a regular basis, you may want to set a default Privacy Policy to avoid uploading a new one for every new questionnaire. A Maptionnaire organization’s owner can do this in the organization settings. Once applied, the appointed Privacy Policy will be selected by default to show up in each new questionnaire. However, the questionnaire owner can still change the Privacy Policy later. Please note that the organization’s default settings do not affect already existing questionnaires, only new ones.

If you’re working with a multilingual questionnaire, the link text of the Privacy Policy that shows in your questionnaire can be translated using the translation tool.

Data Access Limitations

The GDPR instructs service providers to design with “privacy by default“. In line with this, we are limiting default access to a questionnaire’s response data within a Maptionnaire organization to the questionnaire owner only.

If the questionnaire owner wants to make a questionnaire’s data accessible to all organization members, this can be done in the new “Data and Privacy Settings” section of the editor. Note that the enlarged data access is a per-questionnaire setting and it is off by default for all existing questionnaires as well as all new questionnaires.

You can also allow response data access by default in your user settings. This will only affect newly created questionnaires and you can still change the settings of individual questionnaires separately.

Please note that the new data access setting only affects other members of your Maptionnaire organization. You can still generally or more selectively share access to the response data by setting an analysis password in the “Passwords” section of the editor.

The owner of a Maptionnaire organization can also activate API-based access to response data. This access type is separate from the password-based and organization membership-based access types. The option is intended for integration with third-party services or automated processes (FME). For more detailed information about API-based access, you’re welcome to contact support@mapita.fi.

Happy and secure mapping!