What is GDPR?

The General Data Protection Regulation (GDPR) is a new set of EU regulation that aims primarily to give full control over personal data to residents, in the European Union. Simply put, EU residents will now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed.

Who does it concern?

The GDPR covers all residents within the EU, and every organisation that provides services or products to people who are in the EU, irrespective of the location of the processing. 

What happens if you don't comply?

Failing to comply to GDPR can cost the organization a huge sum as fine. There are two tiers of administrative fines that can be levied:

1. Up to €10 million, or 2% annual global turnover – whichever is higher.

2. Up to €20 million, or 4% annual global turnover – whichever is higher.

The fines are based on the specific articles of the Regulation that the organisation has breached. Infringements of the organisation’s obligations, including data security breaches, will be subject to the lower level, whereas infringements of an individual’s privacy rights will be subject to the higher level.

The three essential roles

Under GDPR, the people interacting with survey data generally fall into three categories.

  • Data Subject: The survey respondents, who fill the survey and submit the responses.
  • Data Controller: The survey creator or the survey admin, who determines the purposes and means of collecting and processing personal data.
  • Data Processor: Zoho Survey processes the data collected using the survey you create.

How does Zoho Survey help you to be GDPR compliant?

Zoho Survey lets the users download the survey data in all industry-standard formats and delete the data after use. We also ensure the following to be GDPR compliant:

Data collection and data processing


    IP address masking

    Users can restrict collecting IP address of respondents to protect their privacy and avoid unnecessarily collecting personally identifiable information.


    Data encryption

    Any file uploads by the respondent, custom fields with PIIs, custom variables in Custom Field Encryption and email addresses provided for the share feature will be encrypted.

Data Subject Rights


    Consent and Right to be Informed

    Survey authors are recommended to add fields within the survey to obtain consent from the respondents while collecting data. Authors can also use the Text Field to let their respondents know the purpose and uses for the data they are collecting.


    Right of Access and Data Portability

    Based on the request of the data subject, data controllers can share the PDF of the survey response to the survey respondent.


    Right to Rectification

    Enable editing of survey forms so that the respondents can edit the data they have shared, provided the survey author enables the permission to edit.


    Right to be Forgotten

    Any data that is added to Zoho Survey can be erased. Survey admins or users, depending on the set access controls, can erase any kind of inaccurate data and records at any point of time.