Ensuring compliance with GDPR
By Fee Schmidt-Soltau | Mar 2, 2020 10:55:00 AM
2 min read
It's extremely important to the team at Commonplace that our platform and each project remains compliant with the current data protection laws and regulations in the UK and Europe.
On a project basis, we ensure GDPR compliance by:
- The first time respondents contribute, we explain clearly which organisations are behind the Commonplace project and what their roles are.
- For any personal information that is shared, we clearly state which organisation can see this information and explain why it is relevant to the engagement and how this information may be used.
- All communication options are clearly defined and optional opt-ins. Project stakeholders can only contact respondents based on the consents that they have given. The granular communication options include:
- Commonplace news
- Responses to comments
- External newsletter
- Other communications that can be defined on a per Commonplace basis e.g. participation in future research.
- Being told about new Commonplaces in the area people live
- Replying to comments
- Sensitive information and its impact on downloads
- Commenting flow with project partners and communication consents
- Rights to manage data
On an organisational level we are committed to the same standards. Everyone receiving our industry newsletter has opted in and all our communications include an unsubscribe link in case one changes their mind.
We regularly review what we do and how we do things, and in doing so have identified some improvements. On Monday 2nd March 2020 we made the following changes:
- The team page has been revised to make it clearer whom respondents are sharing their information with and who is controlling this information. We differentiate between the project team and Commonplace, and added the capability to link to the privacy policies of all project team partners.
- The demographic page includes more specific guidance about special category data (e.g. ethnicity or information about disabilities) to ensure that when respondents consent to provide this information they are fully informed as to who will see this data and for what purposes it will be used.
- Special category information will be fully anonymised. This means you will no longer be able to see special category data in the respondent list on the dashboard or filter for this information.