Often internal organization security policies or privacy laws, such as article 5.1.e of the GDPR, require that personal data not be retained longer than necessary.
Principles relating to processing of personal data
Personal data shall be: kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
In layman’s terms: don’t keep the data longer than necessary! But if you require this data for a longer period and they will be used for statistical purposes, for example because you require it for benchmarking, then this is allowed as long as you take the appropriate measures to keep that data safe. For example, if you conduct a survey each year and want to compare with the previous years, then you may retain the data for say 18 months or 30 months.
By setting data retention rules, you can schedule when contact and respondent data are automatically and permanently deleted from your surveys in our system. Only the account administrator can set these rules for the entire account, meaning that the same rules will apply to ALL surveys in the account.
These rules can be overridden at the survey level for the account administrator. This can be useful if most of your surveys only need to keep the data for a short period, but you have a couple longitudinal surveys with a long running benchmark. In that case, you can set a global account level rule that applies to a majority of your surveys, and then set different rules specifically for those surveys. Additionally, you can allow survey owners set override rules for their own surveys.
Set data retention rules for the entire account
You can schedule when contact and respondent data are automatically and permanently deleted from your surveys in CheckMarket’s platform. These rules will be continuously applied to all existing and future surveys from all users in your account even those with the status ‘Live‘.
The data will be removed permanently from your surveys during a nightly process and cannot be restored.
First go to Account > Legal & Compliance. Here you’ll see the following options:
Purge contacts
Schedule the automatic nightly removal of contacts added to surveys after a certain number of days. Their responses will remain available in the reporting and you will lose access to any metadata in the surveys in question, such as custom fields. Note: Data retention rules do not affect your contact lists. You must clean up your contact lists separately.
Purge respondents
Schedule the automatic nightly removal of respondents that answered more than a certain number of days ago. This will delete both the answers as well as any contacts that are associated with these respondents from the relevant surveys.
Override
These rules can be overridden at the survey level.
When data retention rules are set for an individual survey, they have priority over the rules set at the account level, including any rules that were set at the survey level before the account level settings were made.
When you activate the override rules, only the survey owners will be able to override the Data retention rules set at account level.
Click on Save and confirm your settings one last time to activate the data retention rules.
Set data retention rules for a specific survey
If the account administrator has activated the override, each survey owner will be able to set specific data retention rules for their surveys. These will apply only to that particular survey, also when it is ‘Live’.
The data will be removed permanently during a nightly process and cannot be restored.
In order to set the data retention rules for a particular survey go to that survey and click on Settings > Options
Tick the box next to Data Retention. If it is already ticked, this means the account administrator has set data retention rules on account level as well. Untick this box to completely deactivate the data retention rules for this survey.
Once ticked, the following options will appear:
Purge contacts
Schedule the nightly removal of contacts added to this survey after a certain number of days (minimum 10 and maximum 3650). Their responses will remain in the reporting but you will lose access to any metadata in the survey, such as custom fields. To avoid this, prefill the meta-data into hidden questions. Note: Data retention rules do not affect your contact lists. You must clean up your contact lists separately.
If you only want to purge respondents, and no contacts, you can leave this field empty.
Purge respondents
Schedule the nightly removal of respondents that answered to this survey more than a certain number of days ago (minimum 10 and maximum 3650). This will delete both the answers to the survey as well as any contacts that are associated with these respondents.
If you only want to purge contacts, and no respondents, you can leave this field empty.
View surveys with data retention rules
The account administrator can get a list of all surveys that have different data retention rules from the ones set up for the account. To get this list, follow the steps below:
- Go to Account > Legal & Compliance.
- Click on Data retention rules.
- Click on View surveys with data retention rules.
You can download this list in different file formats, or go directly to that survey by clicking on it.
View data retention log
All changes to the data retention rules as well as all purge actions are logged.
You can find these by going to your account’s activity log and doing a search on “retention”.
Or you can go to Account > Legal & compliance, click on Data Retention rules and then click on the link View data retention log.
Note: You should also seek independent legal advice relating to your obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation. Please bear in mind that nothing in this article is intended to provide you with, or should be used as a substitute for, legal advice.
Leave a Reply