The European Union's General Data Protection Regulation (GDPR) is a legal framework around data protection which comes into force on 25 May 2018 and applies to any organisation that offers products or services to EU data subjects.
We have an article which explains how Delib products comply with the GDPR.
This article brings together FAQs which go into more detail about how our products can help you to manage the personal information you are collecting and storing within them.
We will add to this article as new questions and answers come in. If you have a question that isn't covered below, or a suggestion that you would like to share, please contact us on firstname.lastname@example.org.
FAQs - All products
Q: Do Delib’s products collect IP addresses? Why?
A: All of our products automatically collect the internet protocol (IP) addresses of each visitor to your site. This is specifically for the purpose of detecting and responding to security incidents (such as denial-of-service attacks). This data is stored securely in Delib’s logs.
The collection of IP addresses for this operational purpose is covered by Recital 49 of the General Data Protection Regulation (GDPR):
The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, by public authorities, by computer emergency response teams (CERTs), computer security incident response teams (CSIRTs), by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.
This data belongs to you, the customer organisation. Though it’s not available to access via your site, we can of course share it with you on request.
Separately, Citizen Space also collects the IP address of each respondent who starts a consultation response. This data is collected to help protect the integrity of your consultation data by providing potentially useful evidence should you suspect a deliberate attempt to skew consultation results via multiple submissions. Please note that multiple submissions from an individual IP address or particular address range are not necessarily indicative of suspicious activity, since IP addresses can be shared across families, organisations and users of publicly accessible devices (e.g. a library computer). However, it can often serve as useful supporting evidence when investigating suspicious behaviour.
This data is stored securely within Citizen Space and automatically shared with you, the customer organisation and data owner, as part of your response data – you will see it in one of the later columns when you export all of your responses in a spreadsheet, or towards the bottom of the data when you view or download an individual response.
We are able to disable the collection of IP addresses for this purpose if you definitely don’t want them to be collected and included in your data exports. If you would like us to disable this on your Citizen Space site, please contact us via our support email address.
FAQs - Citizen Space
Q: I understand that we need to reference privacy information at the start of each consultation before respondents submit any response and also at the end of the consultation (under right to be informed). Is there a way in which we can automatically include our privacy information at the beginning and end of every consultation we create on Citizen Space, so that no consultation can be published without this?
A: There isn't a way in which you can automatically include the privacy information at the beginning of each consultation (on the overview page, for example). That said, your Citizen Space-wide privacy notice is editable by you, and the link is there at the bottom of every page as respondents move through a survey. Here is an article about how to edit your Citizen Space Privacy notice.
You can edit the Online survey 'confirm submit' page and add privacy information there, which will then be included automatically for all consultations created on your site. Information about how to edit that page can be found here.
You may choose to have a standard privacy notice that you ask all admins to include in their Overview pages. The benefit of having that short sentence to copy into the Overview page is that it can be added in 'Edit consultation details' at any time without having to retract a survey, so if you do wish to add privacy information in the overview, it can be done at any point.
A number of customers already use a template survey that all users clone, as a way to ensure that standard questions are always included (for example demographics questions). We think this is an excellent idea, and suggest that if you will be adding a GDPR information/consent question, this could be added to the template, which will ensure it is included when users start their consultation build process by cloning the template.
Q: Do I need a consent question at the start of every consultation? If so, what should my consent question include?
A: You should get support and legal advice from your own organisation. This excellent article about consent from the ICO is well worth a read and should help you to decide if a consent question is required or not.
It is likely that a proportion of work carried out on Citizen Space would be classed as a 'public task', which would be a more appropriate basis for processing than requesting consent.
This excellent article about 'public task' from the ICO contains the following information:
Article 6(1)(e) gives you a lawful basis for processing where:
“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”
This can apply if you are either:
- carrying out a specific task in the public interest which is laid down by law; or
- exercising official authority (for example, a public body’s tasks, functions, duties or powers) which is laid down by law.
The same ICO article also states:
"Individuals’ rights to erasure and data portability do not apply if you are processing on the basis of public task".
If you do decide that a consent question is necessary, Site Administrators can add this as a saved question, or a template consultation could be created for cloning as detailed in the question above.
The 'Public task' basis for processing data would not also cover the use of that data for other purposes, e.g. if you wished to use the personal data submitted to a consultation in order to also contact respondents about issues unrelated to that consultation. In that instance, consent would need to be requested for the additional processing purposes.
GDPR (Section 7) states that withdrawing consent should be as easy as giving it, at any time. With this in mind we recommend making it clear to respondents what the process is for contacting you should they wish to remove their data (the right to erasure/be forgotten).
Q: "I understand that if a respondent requests to be 'forgotten' we need to remove their details from our databases, but am unsure as to how we could remove them from our files held on Citizen Space to be compliant?"
A: Citizen Space allows users to remove responses from analysis but does not enable users to fully delete individual consultation responses. This is by design to protect against mistakes resulting in data loss, and to defend against any real or perceived concern that individual responses can be tampered with.
Erasure is achievable in Citizen Space, but there are certain elements to consider. For some types of consultation exercise, public sector organisations may be acting in the public interest, exercising official authority, and may also be exercising or defending legal claims (judicial review for example), which limit the right to erasure; whereas other consultations may not meet these criteria. You should seek your own legal advice or consult with those handling GDPR compliance at your organisation for more on this in your particular circumstance.
It is possible for customers to delete an entire consultation and all of its associated response data.
However, if a respondent requests that their data be 'forgotten', and it isn't possible or appropriate to delete the entire question (doing so would delete ALL responses to that question), Delib has the power to permanently erase part or all of an individual response on the customer's behalf if given a clear written instruction.
In this situation we recommend that you contact us with details of the request at email@example.com (for compliance purposes we require erasure requests in writing) and an Account Manager will be in contact to discuss the best solution depending on the specific circumstances.
Q: "Can you let me know how long the results of any consultation are stored on the site for?"
A: The results for any consultation are stored on your Citizen Space indefinitely, or until you delete the consultation, or until you end your Citizen Space subscription.
Many organisations have a data management policy that requires the deletion of response data after a set time (for some customers this is 2 years, for others it is 5 years).
In March 2018 we released a new optional feature called “Consultation completion” which allows a consultation owner to indicate once they’ve finished working with the data and all work on that consultation is complete. When switched on, this tool appears on the consultation dashboard. This feature was requested by the Scottish Government and is designed to help administrators from all organisations manage data retention periods. Logging the date that all work was completed on the consultation gives your organisation a record of how long it is holding data for, making it easier to keep in line with data protection guidelines and delete data once it has reached its retention limit.
If you would like the 'consultation completion' feature switched on for your site, please contact your Account Manager who will do it for you.
Q: If an individual completes a consultation, but doesn't leave an email address or any other information which would make them identifiable, could their response be exempt from GDPR?
A: No responses are exempt from GDPR. Citizen Space collects IP addresses with all responses, and IP addresses also count as personal data. The IP address for each response is available on the 'Download all responses' xlsx export. This means any response to an online survey includes personal data under the terms of GDPR, even if there aren't any questions specifically asking for identifiable information. Importantly, if there are any free text questions, a respondent may also have included personal data within any answer, regardless of whether the question asks for it or not. Therefore, IP addresses should be treated in the same way as all other personal information for the purposes of GDPR.
Q: "Does Citizen Space have the functionality to bulk delete individual data fields from consultations, such as Name/Address/Email etc?"
A: Yes, you can delete specific fields from a consultation by editing the online survey to delete that particular question/answer component. Deleting an answer component or question deletes all of the data received in answer to it.
Q: What do we do if a free text answer contains Personal Information, even if we haven't asked for it?
A: Respondents can (and do) provide Personal Information in free text answers. The new GDPR should act as a good catalyst for your organisation to look at its data management policy, and it is also a good time for you and your colleagues to look at your practices and procedures for managing consultations and consultation data.
Citizen Space is GDPR compliant, and much of the onus will be on you to find the best solution based on the specific scenario.
For example, if you are concerned that you may need to flag any personal information (PI) that has been entered into free text responses for a specific consultation, you may choose to add a tag called 'Contains PI' or similar, which analysts can tick if and when they come across some personal information in a free text response. This will enable you to find and manage that data more easily, should you need to access it and erase it following a request from a respondent.
Or, if a respondent contacts you asking for any personal information in their response to be deleted, you could choose to email them a PDF of their full response, asking them to get back to you detailing specifically what they would like to be removed.