SurveyMonkey and GDPR

Prioritizing your trust—Sustaining our tradition of data security

Set to take effect in May 2018, the General Data Protection Regulation (GDPR) replaces the Data Protection Directive which has been law across the European Union for the past 20 years. Its mission is to harmonise the approach to data protection matters across Europe by establishing a single set of pan-European rules. We’re excited to help our customers understand how we are approaching this.

Why is GDPR important?

To ensure that the protection of personal data remains a fundamental right for EU citizens, the GDPR aims to modernise outdated privacy laws. The GDPR has the potential to impact any business that collects data in or from Europe. Significant fines of up to €20,000,000 or 4% of global annual turnover, whichever is greater, may be levied on organisations that fail to meet their obligations with respect to handling data under the GDPR.

* Available in English only

What SurveyMonkey is doing

Making continual adjustments and improvements, both to ensure we are best positioned to meet our legal obligations and to assist our customers to do likewise, is an integral part of how we operate on a daily basis. We see GDPR as affording us yet another opportunity to continue our tradition of protecting your organizational and personal data and giving you more control over both. In this white paper, we have outlined some specific aspects of our approach to preparing the processes and building the infrastructure required for GDPR.

Download the white paper

Security is what makes SurveyMonkey trusted by 100% of the Fortune 500, and the #1 survey platform for business

SurveyMonkey is built for Enterprise with robust security features:

  • Access control (authentication and authorization)
  • Single sign-on support
  • Data encryption at rest and in transit
  • SOC 2-accredited data centers
  • Continuous network and security monitoring
  • Vulnerability management
  • Incident response and recovery
  • Security awareness training
  • Periodic independent 3rd-party security reviews and penetration testing
  • EU-US Privacy Shield certified
  • PCI DSS 3.2 and HIPAA compliant
  • HITRUST self-assessed
  • Multiple data centers to guarantee a secure and highly available service at scale
  • Select group of trusted security partners, to ensure our customers are always protected with best-in-class security

Data retention

We empower all of our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data and the length of time you hold such data. For example, you can delete a single individual survey response from your account if required to do so. We honour all deletions from an account, and all account data which has been expunged by you is permanently deleted from our back-ups.

Are you prepared for GDPR? Take the quiz!

Use this tool to consider some of the adjustments or improvements you might need to make to meet your obligations under GDPR.

Below is an abbreviated overview of just a few of the things SurveyMonkey has implemented and is planning to implement in support of GDPR. For more in-depth details on the information below, please download the white paper.

Security incidents

We have detailed security incident policies and procedures in place. We’re also committed to providing our customers with the information they need to meet their regulatory reporting obligations under GDPR.

Privacy basics

We are updating our Privacy Policy to be more succinct and easily navigable, and to reflect the three million customers we serve daily, both self-serve and Enterprise.

International data transfers

Personal data can only be transferred outside of the EU to 11 countries deemed to provide “an adequate level of protection”. For transfers of data to other countries, we offer a number of compliant solutions.

International data centre

We are aware that many of our customers with EU users and EU affiliates would prefer that their data be hosted in the EU. To address this, we are exploring the possibility of opening a Data Centre in the EU.

Updates to legal terms

We are making a number of changes to our customer-facing legal terms to include GDPR clauses and have already introduced these in our Enterprise terms. In advance of the 25 May deadline, we will introduce further updates.

Data minimisation and accuracy of your data

Privacy by design and privacy by default are an intrinsic part of our product planning and development.

For you

Get a platform that can grow and change along with your survey needs over time. Browse our plans to learn more about specific features.

See all plans

For your organization

Manage your company’s data with advanced security and control, so you can enable your teams to share and collaborate safely.

Learn more
