GDPR | Qualtrics

Safe. Secure.
And ready for GDPR

Safe + Secure

Nothing matters more to us than the security of your data. For over a decade now, Qualtrics has been the most secure platform on the market – and we’re staying that way. So when the EU’s new General Data Protection Regulations (GDPR) come into force, we’ve got you covered.

Securing your data

We’re in the final stages of becoming FedRAMP authorised – that’s the highest level of security certification used by the U.S. Government. As part of that, a Privacy Impact Assessment (PIA) – a key requirement of GDPR – has been performed and evaluated by an independent third-party assessor, so you can be confident your data is secure.

Data correction

Brand administrators can find, modify, and delete data to help meet the ‘correction’ requirement of the regulations. So you’ll easily be able to modify an individual’s data should they request it.

Right to be forgotten

Brand administrators can permanently delete applicable data records should an individual request it.

Built for enterprise security

The Qualtrics platform is packed with enterprise security features that make us the trusted platform for over 8,500 brands.

  • Email Security (SMTP Server Setup, DKIM)

  • Data encryption in transit

  • Data Centers are audited with industry-standard SSAE-16 methods

  • Data redundancy for resilience during disasters

  • Independent 3rd-Party security reviews and penetration tests

  • Continuous network monitoring

  • Single Sign On (SSO)

  • EU-US Privacy Shield Certified

  • In-house security operations center

  • Active session management

  • Users can opt-out of re-contact for a survey

  • Control password parameters and expirations

  • Industry-standard security evaluations

  • Role-based authentication

  • Data sovereignty: U.S., Canada, APAC, EU

  • Available data isolation

  • Web Application Firewall

  • HITRUST self assessed

  • IP whitelisting

  • HIPAA Self Certified


What is GDPR?

The GDPR comes into force on May 25th 2018, tightening the rules for businesses on how they collect, store and process individuals’ data. The new regulations will have wide-ranging impacts on organisations collecting and processing data in the EU. So if you’re running an employee or customer experience program, it’s likely you’ll be affected. There are a lot of changes with the new rules, and here are just some of the key changes which are likely to affect your customer or employee experience programs:


Data correction

Individuals will have the right to request that their data is rectified or erased, or they can request restrictions on its processing. This is often referred to as the right to be forgotten, and the rules explicitly state it must be as easy to withdraw your data as it was to consent to it in the first place.

Data permissions

An individual will now have to take affirmative action in order for a business to store and use their data. So permission needs to be expressly given through a deliberate action for each processing purpose. Organisations may need to consider conditions for processing other than consent such as in relation to a contract, or because of a legal obligation that your organisation has.

Sensitive personal data

Online identifiers such as IP addresses and cookies may now be considered as identifiable properties, and genetic or biometric data are both now included in the definition of ‘sensitive personal data’.

Privacy assessment

Data processors will need to implement a high level of security to safeguard the controller’s data, and to conduct a Privacy Impact Assessment (PIA) where they are carrying out higher risk processing activities.

More information

Got a question on GDPR?

Don’t hesitate to get in touch or contact your customer success manager to find out more about our changes and how we’re helping you to comply.