The General Data Protection Regulation (GDPR) regulates the handling of personal data, and the Swedish Authority for Privacy Protection (IMY) is the supervisory authority. More general information about GDPR is available on IMY's website.
Quicksearch has procedures and several tools to facilitate compliance with GDPR for our customers. This includes everything from security to where we process data to system security and procedures.
Quicksearch always acts as the data protection officer for your surveys, which means that it is the customer's rules for personal data that apply. Therefore, for example, we cannot delete personal data even if the individual contacts us directly.
Marking of Personal Data
We have tools to mark which data should be considered as personal data. The fields depend entirely on the context of the data. You then choose a policy for how long personal data should be stored in the system before it is automatically deleted.
There are tools for pseudonymization, which allows you to follow a customer over time even if personal data is deleted.
We have good tools for clustering data to retain the value of a piece of information while reducing the risk of it becoming personal data. An example is the ability to use age categories instead of individual ages.
Data That Should Not Be Processed by Quicksearch
Data that has no value to be sent to Quicksearch should not be sent. We have good tools to clean up received data from, for example, CRM or HRM systems, but the most correct way to handle the data is not to send it to Quicksearch if it should not be processed by Quicksearch. Therefore, we have the ability to, for example, update CRM with information about who has opted out of surveys.
Sensitive personal data such as social security numbers, sexual orientation, religious beliefs, or equivalent should also not be handled by Quicksearch and are very rare in the contexts in which we conduct surveys.
Personal Data in Free Texts
When a person responds to a survey and has the freedom to write text, it is always possible that personal data may be included. There are no technical supports today that can completely prevent this. Therefore, we have tools to reduce the risk by encouraging the respondent not to provide sensitive information, to delete information that we can assume is personal data, or to mark all incoming text as personal data and thus automatically delete it. Through text analysis, valuable insights can still be gained from free texts.