Ensuring compliance with GDPR

It's extremely important to the team at Commonplace that our platform and each project remains compliant with the current data protection laws and regulations in the UK and Europe. 

On a project basis, we ensure GDPR compliance by: 

  1. The first time respondents contribute, we explain clearly which organisations are behind the Commonplace project and what their roles are.
  2. For any personal information that is shared, we clearly state which organisation can see this information and explain why it is relevant to the engagement and how this information may be used.
  3. All communication options are clearly defined and optional opt-ins. Project stakeholders can only contact respondents based on the consents that they have given. The granular communication options include:
    • Commonplace news
    • Responses to comments
    • External newsletter
    • Other communications that can be defined on a per Commonplace basis e.g. participation in future research.
    • Being told about new Commonplaces in the area people live
  4. Every contributor has a profile page where they can see their consents and withdraw or modify them for all the Commonplaces they have contributed or subscribed to.
  5. All contributors have the right to see, update, delete or download the data that Commonplace has regarding themselves. The Commonplace profile lets respondents exercise this right easily.
  6. We are committed to reducing risk for our customers. Administrators on a Commonplace cannot download any personal data which includes identifiers or sensitive information. This protects both our customers and contributors.
  7. Data will be pseudo-randomised so it is only usable for statistical purposes after projects are concluded.
  8. Commonplace provides specific instructions to customers for authoring and using paper forms.

Learn more about changes, new tools added and our updated privacy policy.

On an organisational level we are committed to the same standards. Everyone receiving our industry newsletter has opted in and all our communications include an unsubscribe link in case one changes their mind.


We regularly review what we do and how we do things, and in doing so have identified some improvements. On Monday 2nd March 2020 we made the following changes:

  • The team page has been revised to make it clearer whom respondents are sharing their information with and who is controlling this information. We differentiate between the project team and Commonplace, and added the capability to link to the privacy policies of all project team partners.
  • The demographic page includes more specific guidance about special category data (e.g. ethnicity or information about disabilities) to ensure that when respondents consent to provide this information they are fully informed as to who will see this data and for what purposes it will be used.
  • Special category information will be fully anonymised. This means you will no longer be able to see special category data in the respondent list on the dashboard or filter for this information.
  • We have also updated our privacy policy to make it clearer what Commonplace’s role is and what personal data we collect and process for our own purposes.

Fee Schmidt-Soltau

Fee Schmidt-Soltau

Design & Usability