Company News

SurveyMonkey: committed to GDPR compliance

SurveyMonkey: committed to GDPR compliance

SurveyMonkey is, like many other companies, preparing for the General Data Protection Regulation (GDPR) when it comes into effect in May 2018. We can assure you that we are taking the GDPR requirements very seriously and are working cross-functionally with all our teams to ensure that SurveyMonkey’s privacy standards are always first class. We believe that our current company practices are very respectful of our users’ privacy and all applicable privacy laws, but we are nonetheless using our GDPR readiness preparations as another opportunity to ensure that we do even better.

We have a web page dedicated to all things GDPR here and this page includes our GDPR white paper which is available for download. In case you have not already reviewed them, we also have a number of helpful articles in our Help Centre and on our website regarding SurveyMonkey’s privacy and security compliance today:

Our Help Centre is also a great privacy resource for customers and, in particular, we would direct you to the following:

Some updates on GDPR readiness plans

  • A Data Processing Agreement for all paid plans – We now offer customers with qualifying accounts our standard SurveyMonkey Data Processing Agreement with Standard Contractual Clauses/Model Clauses and GDPR clauses as standard. We understand that some of our customers prefer to have a written agreement as regards data processing and transfers, in addition to SurveyMonkey’s terms of use and Privacy Shield certification. To receive a copy of the DPA application form please contact our customer support team.
  • Legal updates – We will also be introducing some changes to our customer-facing legal terms (e.g. terms of use, privacy policy and statements, data processing agreement) to enable SurveyMonkey and its customers to comply with GDPR requirements. In accordance with our Terms of Use, we will notify our customers of these changes in advance of them being implemented.
  • Security – While SurveyMonkey already uses state of the art SOC II certified servers in the United States, we are aware of the new and increased security standards that GDPR introduces and will continue to evaluate our practices to ensure that they align with industry standards.

We are confident of our ability to ensure that we (and by association our customers when using SurveyMonkey) can comply with GDPR by the deadline in May 2018. If you have any specific questions regarding the GDPR requirements and how this may impact your use of SurveyMonkey please feel free to let us know and our GDPR team will respond.