Skip to main content
Qualtrics Home page

Safe. Secure.
And ready for GDPR

Safe + Secure

Nothing matters more to us than the security of your data. For over a decade, Qualtrics has provided best-in-class security – and we’re continuing to do so. Now that the EU’s new General Data Protection Regulation (GDPR) is in force, we’ve got you covered.

Securing your data

We are ISO 27001 certified and FedRAMP authorised – that’s the “gold standard” of security certification used by the U.S. Government for SaaS providers. As part of those programs, a Privacy Impact Assessment (PIA) – a key requirement of GDPR – has been performed and evaluated by an independent third-party assessor, so you can be confident your data is secure. In addition, Qualtrics has a Data Protection Impact Assessment (DPIA) that documents our handing of all your data, including personal data.

Data correction

Brand administrators can easily find and modify collected personal data to meet the ‘correction’ requirement of the GDPR. So, you’ll easily be able to modify an individual’s personal data should they request it.

Right to be forgotten

Brand administrators can permanently delete individual contacts and respondent personal data should an individual request it using a data subject request. Qualtrics one-touch data deletion functionality means erasure happens in one place, with just a few clicks.

Learn more

Built for enterprise security

The Qualtrics platform is packed with enterprise security features that make us the trusted platform for over 11,000 brands.

  • ISO 27001:2013 Certified and FedRAMP Authorized

  • Email Security (SMTP Server Setup, DKIM)

  • Data encryption in transit

  • Data Centers are audited with industry-standard SSAE-16 methods

  • Data redundancy for resilience during disasters

  • Independent 3rd-Party security reviews and penetration tests

  • Continuous network monitoring

  • Single Sign On (SSO)

  • EU-US Privacy Shield Certified

  • Swiss-US Privacy Shield Certified

  • In-house 24/7 security operations center

  • Active session management

  • Users can opt-out of re-contact for a survey

  • Control password parameters and expirations

  • Industry-standard security evaluations

  • Role-based authentication

  • EU, U.S., Canada, APAC data centers

  • Data isolation option for unique encryption keys

  • HITRUST self assessed

  • HIPAA Self Certified

  • IP whitelisting


What is GDPR?

The GDPR comes into force on May 25th 2018, tightening the rules for businesses on how they collect, store and process EU citizen’s personal data. The new regulations will impact organisations worldwide who collect and process personal data of EU citizens. So, if you’re running an employee or customer experience program, you’ll likely be affected. There are a lot of changes with the new rules, and here are just some of the key changes that are likely to impact your customer or employee experience programs:

See all GDPR changes

Data correction

EU citizens will have the right to request that their personal data are rectified, and they can request restrictions on how their data are used. In addition, they may asked to “be forgotten,” requiring that all their personal data be permanently erased. Generally speaking, the GDPR explicitly states it must be as easy to withdraw your data as it was to consent to it in the first place


A business must seek an Individual’s unambiguous consent prior to collecting any personal data. Descriptions about how the personal data will be used must be clearly stated, and business contact details provided if more information is requested. Organisations may need to consider conditions for processing other than consent, such as in relation to a contract, or because of another legal obligation (such as employer-employee).

Privacy assessment

Data processors will need to implement a high level of security to safeguard the controller’s data, and to conduct a Data Protection Impact Assessment (DPIA) that documents how personal data will be safeguarded. Qualtrics can provide an extensive security white paper that describes its key privacy-related processes and procedures.

More information

Got a question on GDPR?

Don’t hesitate to get in touch or contact your customer success manager to find out more about our changes and how we’re helping you to comply.