ResponseSuite GDPR Compliance

Before you read on: We are NOT lawyers so please do not accept this as legal advice. Using ResponseSuite does not guarantee compliance with GDPR and it is your duty as the Data Controller to comply.

What is It?

From 25th May the EU's new General Data Protection Regulation (GDPR) goes live. It brings some major changes to the privacy and data protection laws in the European Union.

It has been introduced to protect the personal data of EU residents.

Who Does This Affect?

If you have data on anyone in the UK or EU it affects you. Yes, even if your business is based outside of the EU.

There is a myth being perpetuated around the internet that the GDPR doesn't apply to businesses with fewer than 250 employees; this is absolutely not true.

We think this has come from a misunderstanding of one of the exemptions, which says that businesses with fewer than 250 employees don't need to document their compliant processes. Documenting and complying are different things – we all have to comply.

How Does Tiapos (That's Our Company Name) Use Your Data?

We don't sell or share your data at all. Your data is collected purely to help your experience with ResponseSuite including to log in and secure your ResponseSuite account.

Surveys you create and responses you receive using ResponseSuite are only viewed when necessary and that information is never used without your express permission on a case-by-case basis.

How Is Your Data Transferred and Stored?

Every page at responsesuite.com is served over HTTPS (secured with an SSL/TLS certificate). In basic terms, this means that when you submit a form or send any information through a web page hosted on responsesuite.com, it travels across the internet to our server and database in encrypted form, so anyone who intercepted it en route would not be able to read it.

Then, once your data arrives at our database, it is automatically encrypted in the database itself.

We use Amazon's Relational Database Service (RDS) to store your data. Not only is it brilliant for storing and managing your data, but it automatically encrypts the data at rest, so even if someone managed to break into the database after your data has arrived there, your data would be unreadable and useless to them.

Where Is Your Data Stored?

Part of GDPR is about where your data is stored. To avoid what are called cross-border transfer issues, we store your data on Amazon's servers and databases in the UK.

It is not stored in our offices, but offsite with Amazon in London.

How Can You, Our Customers, Keep Data Safe?

Make sure your password is secure. It doesn't matter how much we protect the transfer of your data or the database we store it in for you: if someone guesses your password they can log in just like you do. So make your password a good length and ideally have it contain upper- and lower-case letters and numbers.

The ResponseSuite Access Triangle (Soon To Be Square)

Most systems you use online ask you to log in using your email address and a password, right? With the correct combination of those two things, you can log in. That's standard.

We wanted to take things further.

Even though a combination of email address and password already has millions of possibilities for an attacker to guess, we still take your security seriously.

That's why, to log in to your ResponseSuite account, you need to have three pieces of information correct instead of the usual two:

Email Address
Password
and
Subdomain

If you go to log in at yoursubdomain.responsesuite.com you'll be asked only for your email address and password, because the subdomain is taken from the address you are visiting, but ResponseSuite still checks that all three pieces match.

If instead you go to responsesuite.com (with no subdomain), you'll be asked for all three pieces of information in order to log in.

If any of those pieces of information is incorrect, we won't give any clues as to which one didn't match; we just won't let the person log in.
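The three-piece check and the uniform failure message described above, written out as an added example (this is not ResponseSuite's own code). The in-memory account store, the PBKDF2 password hashing, and the names `login`, `ACCOUNTS` and `LOGIN_FAILED` are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed in-memory account store: (subdomain, email) -> (salt, pbkdf2 hash).
# The subdomain is visible in the URL (yoursubdomain.responsesuite.com), so it is a
# tenant identifier rather than a secret, but it still has to match the account.
ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_account(subdomain: str, email: str, password: str) -> tuple:
    salt = os.urandom(16)
    return (subdomain.lower(), email.lower()), (salt, _hash_password(password, salt))


ACCOUNTS = dict([
    make_account("acme", "owner@example.com", "correct horse battery staple"),  # constructed
])

# Dummy record so that a lookup miss still costs one PBKDF2 run; otherwise the
# response time would reveal whether the (subdomain, email) pair exists.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("dummy-password-never-matches", _DUMMY_SALT)

# One message for every failure: it never says which of the three pieces was wrong.
LOGIN_FAILED = "Login failed: please check your email address, password and subdomain."


def login(subdomain: Optional[str], email: str, password: str) -> Tuple[bool, str]:
    """Return (ok, message). All three pieces must match for ok to be True."""
    if not subdomain:
        return False, LOGIN_FAILED
    record = ACCOUNTS.get((subdomain.lower(), email.lower()))
    salt, expected = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = _hash_password(password, salt)
    # compare_digest keeps comparison time independent of where the hashes differ.
    matched = hmac.compare_digest(candidate, expected) and record is not None
    if not matched:
        return False, LOGIN_FAILED
    return True, f"Logged in to {subdomain.lower()}.responsesuite.com"
```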

Since we're obsessed with your security, we will be adding Google Authenticator as an option for log in later this year too.

Features We've Added To Help You Comply

  1. Get Permission. One of the elements of GDPR compliance is that you've got to have explicit permission to contact people. So, for example, if someone fills out a survey and you want to push their contact details into your email marketing system – they need to agree to you contacting them. That's why we have added a Terms element to your Survey Builder. This is a required checkbox where you can let them know of your intentions and have them agree.
  2. Protect Sensitive Data. Each field in ResponseSuite has a setting that masks the responses (stars them out) so that they are unreadable by our support staff, while you can still read them. You might want to use this for particularly sensitive data. This is called the Sensitive Data function. The question will be visible to support staff, but the responses you collect will only be available to your account Owner and, if you have sub-users, to the user who created it (not other users). Our developers could see that data, but no one below Developer level in Tiapos can view the responses. Please keep in mind that support staff and directors at ResponseSuite will not be able to view responses that you mark as Sensitive, which may affect our ability to help with any support issues. Our staff, however, will never use or share data you collect.
  3. Encrypted. All of the surveys you create and data you collect are also served on an SSL-secured page and stored in the Amazon Relational Database, where they are encrypted.
