The EU GDPR (General Data Protection Regulation) regulation became a reality on 25 May, 2018 so you should be sure to be complaint with it when using Opinion Stage.
What is the GDPR?
The General Data Protection Regulation (GDPR) was introduced to unify all EU member states' approaches to data regulation, ensuring all data protection laws are applied identically in every country within the EU. It will protect EU citizens from organisations using their data irresponsibly and puts them in charge of what information is shared, where and how it is shared.
Is the GDPR regulation relevant for me?
The GDPR regulation is relevant to you if you have an audience in the EU and are collecting personal data from users, regardless of whether you are based inside or outside the EU.
So if you are sure you don't have an EU audience, you can stop reading here (note that to be on the safe side you might even want to block European IP addresses).
However, if you do have an EU audience, it is important you continue reading to verify you are GDPR covered.
What is defined as personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person is defined in as personal data in the GDPR regulation. It can be anything from a name,an email address, identification number or location data.
In what cases does Opinion Stage collect personal data of users?
There are 3 cases in which you may be collecting personal information from your audience using the Opinion Stage tools:
- Personal data collected in forms - Opinion Stage offers standalone forms and forms that are integrated in different content types (e.g. polls, quizzes) that you can use for collecting data from your users. You may be using these tools to collect personal data (e.g. email, phone number, etc).
- Social profiles collected in polls - this personal data is only collected if you use the "Require a social profile for voting" feature with the poll format (by default the feature is set off).
- IP tracking in polls - IP's are tracked only in polls and only if you configure to block repeat voting using IP's (by default the feature is set off).
To stay compliant with the GDPR, you can use Opinion Stage in 2 modes:
Mode #1 - personal data IS NOT collected by Opinion Stage tools
To be sure you are not collecting data that is classified as personal based on the GDPR regulation, verify the following:
- Don't use the "Require a social profile for voting" feature in polls.
- Don't use the block repeat voting using IP blocking feature in polls.
- Don't gather personal data (e.g. email, phone, etc) using Opinion Stage forms.
If you comply with the above 3 restrictions, you are not collecting any personal data with Opinion Stage tools and therefore do not need to be concerned about the GDPR regulation.
Mode #2 - personal data IS collected by Opinion Stage tools
If you have an EU audience and still want Opinion Stage to store personal information you can do that.
To stay compliant with the GDPR rules, it is required in this case to notify your audience what you will be doing with their personal data and that it will be stored on the Opinion Stage servers
So for example, if you are using a form that collects personal data (e.g. emails), you are required to have a checkbox that is unset by default, and specifies what you plan to do with their emails and notify them where they will be stored.
Opinion Stage stores data on secure AWS Amazon servers located in the US. For information on how Amazon AWS complies with GDPR, please read here: https://aws.amazon.com/compliance/gdpr-center/
We believe the GDPR regulations are a good step forward in protecting personal data of users and a step forward for a better and safer internet, and therefore happily embrace it. If you have an audience in the EU do not neglect this regulation and verify you are using Opinion Stage in a way that complies with it.