Survey Design & Outreach Tips

How to Make a GDPR Compliant Survey: Best Practices and Examples

September 7, 2022

Reading Time:

Keywords:

Although the EU’s new privacy regulations have been enforced for a while, designing a GDPR-compliant survey still brings us headaches. What’s exactly personal and personally identifiable data? What type of questions can you ask? Can you show the survey results to other participants?

These are all valid questions, so let’s have a look at what you as a survey owner can do to meet GDPR standards. We’ll also cover what survey tools like Maptionnaire do to make your quest for making a GDPR-compliant survey easier.

But first things first.

What is a GDPR Compliant Survey?

That’s easy: a survey that complies with GDPR (the General Data Protection Regulation) ensures that an individual owns their personal information and always has access and the right to modify or delete the personal information collected about them. This also goes hand in hand with being transparent about what data is being collected, why, with which tools, and how it will be handled later.

So what’s that personal data or personally identifiable information? Much more than just an email or home address. According to Article 4, “personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

In other words, personal data is any piece of information that, together with other data, can lead to identifying an individual behind these responses.

Examples, please!

If in a community engagement survey you ask respondents to submit their ideas about how to redevelop an old park, these responses are not personal data — these are simply opinions.

If you ask to map their commute from home to work, that counts as personally identifiable information. Because, in theory, with this commute information at hand, anyone can access address directory and then check employment information. Which makes it fairly easy to identify the person behind the answer.

So what are the implications for you as a survey owner?

Here are the main points:

Collect only necessary personal data and be transparent about the purpose and the way you use the data;
Mention all your sub-processors who will have access to this data: for example, if you share this raw data with your colleagues via Dropbox, Dropbox will be a subprocessor;
Make sure respondents can modify or delete any personal data you’ve gathered in your surveys;
Don’t misuse the collected data;
Don’t reveal any personally identifiable information, and remember that not all survey responses are personal data.

And an important note: whenever you’re dealing with the response data of the EU residents, you need to comply with GDPR. Also, GDPR is the strictest privacy regulation to date. So if you comply with it, you’d most likely be in line with other privacy laws and recommendations.

The Best Practices for Making GDPR Compliant Surveys

Note that these are general guidelines and recommendations; your survey depends on your specific case.

Present your organization’s privacy policy before the respondent can proceed with the survey.
Ask for publication consent.
Feature a single checkbox on the first page of the survey that the respondent needs to check to consent to your privacy policy.
Don’t reveal any personally identifiable information when sharing the results.
Include any problematic material (e.g. YouTube videos) in pop-ups or on separate pages behind a page jump. Why is YouTube problematic? Because by embedding a video, you’re sharing the respondents’ IP addresses with YouTube. By placing a YouTube video on a separate page or in a pop-up, the respondent chooses whether to access this material or not.

If you’re using Maptionnaire for your engagement surveys, here’re more tips on how to create GDPR compliant surveys with our platform. You can always ask our support for help with this issue.

And below are more GDPR-related details.

Provide privacy policy

a privacy policy at the beginning of your GDPR compliant survey — *Provide a privacy policy at the beginning of your questionnaire.*

Always include a privacy policy at the beginning of your survey. Provide the policy in the languages that your respondents understand.

In the privacy policy, explain why you require the data and what kind of information will be collected. Also, mention how long the data will be kept.

List all sub-processors that you use for collecting and analyzing personal data. A curious example: if you use ArcGIS Online for analyzing geodata (which is most likely personally identifiable information), you should mention it as a subprocessor in your privacy policy as well.

To make your life easier (and surveys more secure), Maptoinnaire provides you with a ready-made privacy policy that you can include at the beginning of the survey. Treat it as a form you need to fill in with the details unique to your project.

Do not ask for sensitive information (unless you really need it)

Sensitive information includes health data, political opinions, religious beliefs, and so on. If you need any of such data for your project, be exceptionally mindful of how you use and present the resulting data.

Always check if any of the information you disclose can be used to identify individuals or not. Think like a detective. 🕵️

Once again, it’s your responsibility as a survey owner to treat data confidentially and be transparent about its usage. From our side, Maptionnaire treats all data as if it is sensitive — that is, with the utmost security.

Exclude personal data when showing responses made by others

In Maptionnaire surveys, you can show the responses made by others. It’s a very engaging feature, especially when all the results are put on a map or nicely visualized.

*This is how you can show the responses made by others in* *Maptionnaire. Note that cycling routes and favorite and disliked places are not considered personally identifiable information.*

But there is always a “but.” It’s better not to include any personal information on the results page, for example, a map of home addresses. On the other hand, a map of favorite and disliked places will work great and won’t expose any private data (just like the example above).

Make it easy for respondents to alter or delete their records

Any respondent has the right to access, alter, and delete personal data collected in a survey. And here we have two most common scenarios.

If a respondent has login credentials, they can do it themselves. With Maptionnaire, you can enable user authentication with Facebook or Google. To alter or delete responses, a respondent can simply log in and change the information.

If respondents take a survey without logging in, they should contact a survey owner directly. So make sure you have your contact details upfront in your questionnaires. A note for Maptionnaire users: once you’ve altered the data as requested, contact Maptionnaire support to ensure that the data is changed on our end as well.

Don’t ask for any personal information from respondents under 13 years old

Children’s personal data is given special protection under EU regulations. The rule of thumb is not to ask for any personal information from individuals under 13. You’d also need to get parental consent from respondents younger than 16 (the age differs from country to country, so check with your local Data Protection Regulation Authority for specific guidance).

If you need personal information (for example, sociodemographic data), make sure you get the parents’ consent. It’s also advisable to use a common device (a table provided by you or school laptops) for getting survey answers from children. But then remember to set up automatic session reset to save all the answers.

Anyways, these regulations should not prevent you from asking for children’s opinions and ideas when developing your city.

Data Protection Responsibilities of Survey Providers (aka Maptionnaire)

Maptionnaire surveys anonymize data. That is, no personal information Maptionaire collects (such as login credentials or device info) is linked to survey results.
We treat all the gathered data as sensitive.
Our servers collect standard login data (such as IP addresses) as part of routine service operations, but survey owners do not have access to it.
To make it easier to process personal data, we have a built-in feature for asking consent questions. Just switch on “Ask for publication consent” in your questionnaire's settings.
In Maptionnaire, it’s possible for respondents to edit and delete personal data themselves. Ask your respondents to register (using their email or Google or Facebook accounts) to complete the questionnaire. In this way, they can manage the information they have given through their profile on their own. Otherwise, it’s fairly easy to provide your contact details for those respondents who want to alter or delete their personal data.

Want to check how Maptionnaire surveys look like? Check our demo questionnaires.

As a bottom line, strict GDPR rules should not prevent you from gathering data and insights for your projects. With the right survey provider and the knowledge at hand, you’ll be able to design a survey that respects privacy and personal data — and does its job.

More Useful Materials about Designing Surveys:

Do you have any questions about designing GDPR surveys for your public engagement activities?

Our team is happy to chat.

Chat with Maptionnaire Team

Table of Contents

You'll also enjoy reading:

Counties, cities, and sites – oh my! Planners gear up for all scales of community engagement

Maptionnaire Connecting Community 2024 brought community engagement and participation experts together

6 best practices for organizing digital community engagement

Participatory Mapping: Best Practices, Tools, and Examples

Digital Stakeholder Engagement Proves Crucial for Deciding on a Hunting Concession in Nuuk

Unlocking GIS in Urban Planning: Benefits, Application & Examples

Tech News: Map-Based Discussions, List View, and Word Clouds

10 Guidelines for Inclusive Community Engagement

10 Best Urban Planning Podcasts to Tune in to in 2023

Children’s Independent Mobility and Active Transportation: Anna Broberg at Urbanistica Podcast

Benefits and Challenges of Citizen Engagement in Rural Planning

Communication with Residents is Key in Solving Urban Challenges: Maarit Kahila at the ISOCARP Spotlight Podcast

A Collaborative Approach to Sustainable Rural Development: Maptionnaire & RUSTIK

Maptionnaire is the Geospatial Innovator of the Year

How to Measure Community Engagement and Its Impact

Impactful Community Engagement: From Sharing Opinions to Producing Place-Based Knowledge with Citizens

How to Organize Citizen Engagement in a Master Planning Process? Our Learnings from the Webinar

A Comprehensive Guide to Community Mapping for Planning Professionals

3 Solutions for Better Integrating the Results of Public Participation in Urban Planning

7 Community Engagement Trends in 2023

What is Gamification? Explore The Basics

Increasing the Impact of Public Participation in Planning: 6 Examples from Urban Planning Projects

Different Angling: Measuring Public Opinion on Fishing, Aquaculture, and Tourism with PPGIS in Varangerfjord, Norway

Faroe Islands Get Local Perspectives on Land Use Conflicts with PPGIS

The Best Experts are the Citizens Themselves: Listen to Maptionnaire on a Smart in the City Podcast

Conducting A Community Needs Assessment: Steps, Tools, and Examples

Using PPGIS for Stakeholder Engagement in the Arctic: Maptionnaire & ArcticHubs

How to Design Community Engagement Survey Questions

Parempia kaupunkeja rakentamassa: Kokemuksia tehokkaasta asukasosallisuustyöstä | Maptionnaire Breakfast 13.10.2022

Three Types of Community Engagement in Urban Planning Projects

Pros and Cons of Community Engagement Platforms: Self-built vs. Open-Source vs. SaaS

What is a Community Engagement Platform and How to Choose One

How to Engage Stakeholders with a Survey: 6 Winning Methods

12 Best Practices in Survey Design to Boost Response Rates and Get Quality Data

5 Participatory Budgeting Examples And Their Successful Outcomes

What is Participatory Budgeting: Definition, Benefits, and Implementation

Re-thinking the Idea of Representative Democracy – Technology is Not the Silver Bullet

Tech News: Maptionnaire Now Fills All Accessibility Requirements & Other Updates

Q&A with the Maptionnaire Team – Gaurab

Tech News: Accessibility in Maptionnaire

Tech News: Saavutettavuus Maptionnairessa

Using 3D Participatory Planning to Enrich Community Engagement: Lessons From a City Planning Project in Turku, Finland

Mapita Gets New Board Members – Introducing Leila-Mari and Vesa

Q&A with the Maptionnaire Team – Anna

Q&A with the Maptionnaire Team – Asta

Q&A with the Maptionnaire Team – Krista

Q&A with the Maptionnaire Team – Jenna

Top 5 Community Engagement Webinars

Tech News: Download of Shapefiles, Hand-drawn Layers, Copying of Elements and Pages (& Other Updates)

The Importance of Communication in Urban Planning

Top-3 Community Engagement Trends in 2021

A Decade of Community Engagement

Tech News: Maptionnaire Now Available in 27 Languages (& Other Updates)

Pros & Cons of Public Participation GIS (PPGIS) in Urban Planning

Maptionnaire among the Top-50 Teams in the Lee Kuan Yew Global Business Plan Competition

5 Tips for Creating a Visual Survey for Urban Planning (Examples Inside)

The New Maptionnaire Community Engagement Platform — Introducing the Three Essential Modules

Entering the New Era of Public Participation — What Motivated Us to Develop the New Maptionnaire Service

Benefits of Online Community Engagement: Economic and Social ROI Analyzed

3 Principles of Public Participation You Should Act on Right Now

Maptionnaire Tech News: Goodbye Leaflet, Welcome OpenLayers

Q&A on Digital Public Engagement and Maptionnaire

Engaging the Community in Times of Quarantine with Online Tools

4 Benefits of Using Public Participation GIS in Transportation Planning

City Planning for Kids: Bringing Public Participation to Schools

Maptionnaire in Transportation Planning: Researching Cycling Safety in Zurich

5 Ideas for Enriching a Community Engagement Workshop with Digital Participation Tools

It Was a Full House at Our Yearly Get-Together – Maptionnaire Summer Meetup 2019 Recap

Maptionnaire palkittiin kansainvälisestä osaamisesta ja vahvoista referensseistä kasvuyritysten Smart City -sarjassa

Helpotusta asukaspalautteen hallintaan Maptionnairen kaavapalautejärjestelmän avulla

The Automized Public Hearing Process: Slash Time Spent Managing and Responding to Resident Input

Map-Based Surveys Valuable for Engaging with the Public in Urban Planning, A New Study Finds

Tutkimuksen mukaan karttapohjaiset osallistumismenetelmät tarjoavat loistavan tavan saada asukkaita mukaan suunnitteluprosessiin

Maptionnaire Chosen among Key Nordic Sustainable Urban Development Solutions

What is Participatory Planning and PPGIS in a Nutshell

The Importance of Getting Together: Summer Day 2018 Recap

Embracing the GDPR – 3 Maptionnaire Privacy Updates You Should Be Aware Of

Heritage Is Ours – Crowdsourcing Place-Based Memories

Participatory Mapping for Improving Disadvantaged Communities: Examples from São Paulo

How to Get People to Take a Survey Through Social Sharing

Using Citizen Participation Platforms in Different Phases of the Urban Planning Process

How to Get Pedestrian Movement Data with a Map-based Survey?

How to Make an Interactive Map Survey for Smooth Participatory Planning

How to Make An Interactive Map: Bring Spatial Data to Life

How to Design a Public Participation Plan for the Early Phases of the Urban Planning Project

How to Get People to Participate in Community Engagement: 7 Steps

The Advantages of Digital Community Engagement Methods

On-demand Webinars

Join our Newsletter

Guides