GDPR is the European General Data Protection Regulation (GDPR), which became uniformly effective in all Member States on May 25, 2018. It is a set of regulations designed to protect EU citizens' personal data and enforces rules on data privacy and how organisations collect, store and use personal data.
GDPR stipulates, among other things, that the collection of personal data can only start once the researcher (the author of the survey) has received the individual's explicit consent to the collection itself.
The individual (respondent) must also be clearly informed what data will be collected and for what purpose. When collecting personal and survey data, we follow the principle of data minimisation, i.e. we collect only the data we need to fulfil the purpose of the survey. This data may not be used for any other purpose of which the respondent has not been informed and has not given their explicit consent. This means that the author of the survey may only use the data obtained for the purpose of the survey and not pass it on to any third parties. Nor may the data be combined with other data in their possession.
Consent may be withdrawn at any time by the individual (respondent) and the authorisation to process the data will cease. The respondent has the right to erasure (right to be forgotten), modification and access to the data. On this basis, the respondent may request the author of the survey to delete or modify their personal or survey data and to give them access to the data collected.