It concerns us all: the new data protection legislation GDPR (General Data Protection Regulation), which will come into force on May 25, 2018. Are we expecting a big bang? The strengthened GDPR rules for the collection and processing of personal data from EU citizens will apply from the end of May. inITova sees the new legislation as a positive step towards the protection of personal data. After all, it's about transparency and trust!


What does GDPR mean?

The EU General Data Protection Regulation (GDPR) replaces the data protection directive 95/46 / EC from 1995. The online landscape has changed a lot in recent years and the applicable data protection law is no longer relevant in some areas. For this reason there is a new set of rules for documentation, responsibility and information for companies.

Personal data is all information that relates to an identified or identifiable natural person. An identifiable natural person is a person who can be identified directly or indirectly, in particular through references such as a name, an identification number, location data, IP addresses or one or more factors that relate to the physical, physiological, genetic, mental, economic , cultural or social identity of this natural person. For customer feedback, it is important to know that questionnaires can also relate to personal data, for example the location of a shop or a mechanic in the region. This information is also accessible to people.


The impact of the GDPR on customer feedback at inITova

We are obliged to take responsibility with regard to personal data and data protection, based on the surveys that we offer as an agency for customer feedback, customer satisfaction and customer journey research. Handling data is one of our priorities and we take this responsibility very seriously. We take both technical and organizational measures to ensure the security of personal data.


InITova's measures for compliance with the GDPR

The new EU General Data Protection Regulation will have consequences for every company. We handle the personal data of customers and respondents confidentially and are transparent in our communication. We have the means to handle customer feedback and personal data responsibly.

The 6 basic principles and the steps we take to comply with GDPR rules for personal processing are briefly explained below:

1. Legality, fairness and transparency

Both inITova and our customers must clearly inform the respondents about which survey they are taking part in. The survey must be both clear and appropriate. inITova attaches great importance to a confidential and transparent environment.

2. Purpose Limitation

We as processors and our customers as controllers are only allowed to request, store, use and pass on information for specific, explicit and lawful purposes. Before we process information, we make it clear to everyone what the goal of the research is, including for the respondents.

3. Data minimization

Personal data must be adequate, relevant and limited to what is necessary for the purposes for which they are processed. Not all data is needed for a specific problem. We have the means to apply this rule flexibly for every project. Data that is collected and required for research is recorded in order processing - formerly order data processing (ADV).

4. Accuracy

Personal data must be correct and, if necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate about the purposes for which it is processed is promptly deleted or rectified. Personal data can be corrected or deleted in our support department. If we as the processor have access to the relevant data, the respondents can contact us by email or phone. We will contact our customer (controller) immediately and correctly in the event of a request.

5. Storage Limitation

Personal data must be stored in a form in which the data subjects can no longer be identified than is necessary for the purposes for which the personal data are processed. inITova can automatically archive or delete data after a certain period of time and adapt it technically with its own systems. This is flexible and dynamic, so the memory limit can be set differently for each project. In addition, we can specify at certain levels when data needs to be overwritten. We have taken all the necessary technical and organizational measures to protect the rights and freedoms of the data subject in accordance with GDPR. Our customer feedback systems make it possible to manage this at every level.

6. Integrity and Confidentiality

We think a confidential environment is very important. We therefore process personal data in a way that, through suitable technical or organizational measures, guarantees appropriate security, including protection against unauthorized or illegal processing and against loss, destruction or damage. We use encrypted storage with restricted access. In this way, our customer feedback systems are well secured. Data is only exchanged via highly secure connections in which our network security is equipped with a firewall, virus protection, authentication and encryption. inITova has a clearly structured management system in which we can deal with information security. We are a customer-centric company and that is perfectly in line with the entry into force of the reformed legislation!


The new EU General Data Protection Regulation is positive for all of us!


Do not see the new set of rules as a burden! The reformed, stricter legislation is intended to minimize risks and prevent abuse. This results in personal advantages and advantages for organizations, because we protect ourselves and our customers!

If you as a company can demonstrate that you handle personal data in a transparent manner and in accordance with the GDPR, you strengthen the relationship with the customer and the customers will recognize your company as trustworthy. This in turn has a positive effect on customer loyalty. Customers will be more inclined to provide feedback, remain loyal, and ultimately even help you generate higher sales because they trust you!

CYS information on data security 2018