We're currently revising our procedures on the use of Survey Monkey in the light of our GDPR compliance preparations.
In the past I have advised colleagues to complete the following tasks before using Survey Monkey. In such cases risks have been low, as the only personal data involved have been names and IP addresses of participants in the survey:
1. Complete the PIA (incorporating a description of what they want to use it for and what level of data will be involved)
2. A privacy statement which covers their survey (they will not always be covered by the general statement we have on the website)
3. Permission from Information Rights Officer/IT team to collect, process, store the information
4. We're also working on a disclaimer to advise survey participants that any data they submit will be stored in servers in the US, so they will need to consider this risk before participating
Was wondering if anyone else had similar procedures in place and/or if they are reviewing the situation from a GDPR perspective?
Thanks
Ciaran Ward
Information Rights Officer
Guildford Borough Council
Guildford Borough Council UNCLASSIFIED EXTERNAL
**********************************************************************
Guildford Borough Council has arrangements for handling sensitive emails. For more information on how you may be affected please go to www.guildford.gov.uk/SecureEmail. If you have received this message in error, please (a) notify the sender immediately, (b) destroy this email and any attachments, and (c) do not use, copy, and/or disclose this email or any attachments to any person.
Guildford Borough Council regularly updates virus software to ensure as far as possible that its networks are free of viruses. However, you will need to check this message and any attachments for viruses as Guildford Borough Council can take no responsibility for any computer virus that might be transferred by this email.
The contents of this email may not reflect Guildford Borough Council policy. We store and monitor all emails and attachments sent and received by Guildford Borough Council employees in our Cryoserver system for up to 2 years to prevent misuse of the Council's networks.
**********************************************************************
This message has been scanned for malware by Websense. www.websense.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|