Looking for GDPR compliance in your WordPress forms and quizzes? Learn how to make GDPR-compliant forms and understand privacy best practices using the Quiz and Survey Master plugin.
The vast majority of websites on the internet today collect some form of user information. Whether it’s your name, email address, location, search history, IP address, or a combination of other data, websites gain this information when you browse the web.
The new regulation (GDPR) is designed to offer people more protection over their information, in particular recognizing that it can have serious implications once it leaves their control.
And it’s a serious issue: people’s privacy is at stake. There have been many instances in the past that have led the EU to come to a uniform decision and create data protection laws that are consistent across the entire EU.
In this blog, we’ll look at where QSM stands when it comes to GDPR compliance and which features can help you present an amazing quiz to your website readers/visitors while keeping their privacy intact.
What is GDPR & is QSM GDPR Compliant?
The General Data Protection Regulation (GDPR) is a regulatory framework that establishes standards for the acquisition and processing of personal data from European Union (EU) citizens.
The Regulation applies to all websites that attract European visitors, even if they do not specifically promote products or services to EU residents, so every such site must follow it.
According to the GDPR, EU visitors must be provided with a number of data disclosures. In addition, the site must take steps to support EU consumer rights, such as timely notification in the event of a data breach.
The Regulation, which was adopted in April 2016, went into full effect in May 2018 after a two-year transition period. So it all boils down to our main question: is QSM GDPR compliant? The answer is not that straightforward.
We need to understand the whole purpose of GDPR and then compare it with the features QSM offers to follow it. QSM has the relevant features and functions and is fully capable of building quizzes/surveys/forms that adhere to GDPR guidelines. However, it is the responsibility of the webmaster and the quiz admin to comply with the rules.
As a plugin development company, we can guide you in bringing your quizzes/surveys/forms into compliance with those rules. The following tips will help you make quizzes built with QSM GDPR compliant.
#1 Don’t collect unnecessary data
It’s simple: do not ask users for unnecessary information just to fulfill your marketing needs. Creating multiple contact fields and asking for random info unrelated to the main goal can turn out to be costly.
Keep your intent clear and privacy-friendly. Keep the input fields minimal and avoid asking for the user’s personal info. Review your contact form and remove unnecessary input fields.
The math is simple: the less data you collect, the lower the chance of a possible data breach. Stay away from collecting personal data that a user is not comfortable sharing, like gender info, political opinions, ethnic origin, religious or philosophical beliefs, genetic or biometric data, etc.
Look out for the “Store the responses in the database?” option in QSM. When revising your quiz or survey, look for this option under the “Options” tab. If you set this to “No,” the plugin will no longer save any of the data you input in the quiz or survey.
Usage Tracking in QSM is enabled by default. It helps the plugin developer track the plugin’s usage and improve the experience in future updates. You can disable this feature by navigating to QSM > Settings > Main Settings > Allow Usage Tracking?
Similarly, you can disable the feature that collects and stores IP addresses in the settings; this feature is disabled by default. Here’s a document that can help you assess what data QSM collects and why.
#2 Ask for User’s Consent
In order to protect privacy rights, it is currently considered necessary to obtain clear and specific consent prior to gathering personal data.
You can ensure this by enabling the checkbox field in the QSM Contact Tab. The checkbox field type in QSM is used to signify acceptance and affirm the submitter’s agreement to a given condition.
Each condition for how the data will be handled must be stated clearly, and you must seek explicit approval for each individual item. You may need to seek supplementary consent from a parent if the data subject is a kid.
#3 Display Clear Privacy Notices
At the very least, be clear on the following points:
- What kind of personal information is collected via the contact form?
- What is that data used for?
- Who has access to the information?
- Is the information saved in any way? If so, where is it kept, and for how long?
- Is the information shared with third parties? If that’s the case, who are they?
- Where will the information be processed?
- What security procedures are in place to keep the data safe?
- Can data subjects ask for their data to be exported or deleted?
When someone requests that their personal data be exported or deleted, and there is a compelling justification for it, such as legitimate privacy concerns, you must comply.
You can make use of the “Message Displayed Before Quiz” option of the Text Tab and display a notice beforehand to the user as seen in the above image.
#4 Export & Erase Personal Data
To help with GDPR compliance, WordPress has added two new pages: Export Personal Data and Erase Personal Data. Any plugin can be used in conjunction with these tools to aid in exporting or deleting user data.
These new tools now have a QSM integration. When using these tools, any data captured using QSM will be added to the exports or erased.
#5 Security Considerations
Protect the personal information you’ve gathered with appropriate security measures based on current best practices.
Implementing HTTPS for the entire website and encrypting data flow between the client browser and the web server, for example, is now regarded as standard. Encrypting an email message, on the other hand, is recommended but not yet widely practiced.
There are no official guidelines on exactly what security measures should be applied; it’s totally up to the site admin. We recommend installing a WordPress security plugin that safeguards your site and helps prevent serious attacks.
Details on compliance will differ from one site to the next, and sometimes even from one form to the next. This is why, in every case, we recommend consulting with a lawyer who is experienced with GDPR to assess your site and form usage.
That concludes our discussion. We hope that this guide has aided you in getting started with GDPR-compliant forms for your WordPress site.