SoGoSurvey’s Plan for GDPR Compliance
Our Commitment to You and the Protection of Your Data
We’re committed to partnering with SoGoSurvey customers and users to help them understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades, and will go into effect on May 25, 2018.
Besides strengthening and standardizing user data privacy across the EU nations, it will require new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our methods and plans to achieve GDPR compliance, both for ourselves and for our customers.
Preparing for the GDPR
The GDPR’s updated requirements are significant and our global team is working diligently to bring SoGoSurvey’s product offerings and contractual commitments in line so customers can prepare themselves before May 25, 2018. Measures to achieve this include:
- Continuing to invest in our security infrastructure
- Making sure we have the appropriate contractual terms in place
- Ensuring we can continue to support international data transfers by maintaining our Privacy Shield self-certifications, and by executing through our updated Survey Privacy
- Product offerings that include new tools for data portability and data management We’ll also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and will adjust our plans accordingly if it changes. We’ll provide you with regular updates along the way so that you’re always current.
Our Security Infrastructure and Certifications
Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security. Our infrastructure is covered by several security certifications such as SOC 2, SOC 3 and ISO 27001 (information security management system).
In accordance with GDPR requirements around security incident notifications, SoGoSurvey will continue to meet its obligations and offer contractual assurances.
If you’d like to learn more about SoGoSurvey’s security policies and procedures, please see our security page. It provides detailed information on how we approach security, and how SoGoSurvey ensures user data security in particular.
International Data Transfers: Privacy Shield and Contractual Terms
To comply with E.U. data protection laws around international data transfer mechanisms, we self-certify under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
Data Portability Solutions and Data Management Tools
Customers have requested tools to help them comply with the GDPR. And we’re happy to say that we’ve built those tools.
Compliance-related tools include the following:
- Import and export tools: Businesses and organizations may access, import, and export all their Customer Data, including surveys and reports.
- Profile deletion tool: Help customers respond to user requests to delete personal information, such as names and email addresses, from a SoGoSurvey account.
Fulfilling our privacy and data security commitments is important to us. So we’re glad to help you prepare for all the changes the GDPR brings. This page will be revised to reflect GDPR-related information as it becomes available. If you have any questions about how SoGoSurvey can help you with compliance, we hope you’ll reach out to us at firstname.lastname@example.org.
What is the GDPR?
When will the GDPR take effect?
The GDPR will be directly applicable in all European Union Member States starting from 25 May 2018.
Does the GDPR require storage of personal data in the EU?
No. Like the 95/46/EC Directive on Data Protection, the GDPR sets forth certain conditions for the transfer of personal data outside the EU. Such conditions can be met via mechanisms such as model contract clauses.
Will the GDPR give customers the right to audit SoGoSurvey?
Under the GDPR, audit rights must be granted to data controllers in their contracts with data processors. We will be offering data processing agreements which will include audit rights for the benefit of our customers.
How can I exercise my GDPR rights?
Under GDPR in the European Union, we are all data subjects, and have certain rights.
If you are a SoGoSurvey user, this article explains how to exercise your GDPR rights:
If you’ve completed a survey and want to exercise your GDPR rights, see this article:
Do you have a Data Processing Agreement available to sign?
GDPR specifies that a Data Processing Agreement (DPA) should be signed with any third-party vendor/company you might have a data relationship with. This does not apply to everyone, but if it does, you can request a DPA by contacting our support team. We will then send you what you need.
How do I contact your Data Protection Officer (DPO)?
You can contact our Data Protection Officer by emailing us at email@example.com
What role do third-party ISO 27001, ISO 27017, ISO 27018, and SOC 2/3 reports play in compliance with the GDPR?
Our third-party ISO certifications and SOC 2/3 audit reports can be used by customers to help conduct their risk assessments and help them determine whether appropriate technical and organisational measures are in place.
What other information has SoGoSurvey provided on the GDPR?
Please be aware that we are continuously updating and adding information here to better help you understand how we are addressing the requirements of GDPR.