Is SurveyMonkey GDPR Compliant?

What is SurveyMonkey?

Before jumping into the GDPR compliance of SurveyMonkey, let's familiarize ourselves with the platform itself.

Not that it needs much introduction. SurveyMonkey is one of the most popular online survey tools out there, and has been helping organizations to collect feedback from their customers for over two decades.

Based out of the US, the platform boasts 17.5 million active users. They’re spread out across more than 335,000 organizations around the world. SurveyMonkey even claims to serve 95% of Fortune 500 companies, making them the king of the jungle!

They’re big, they’re experienced, and the platform now also uses AI to automatically review survey design, and results. Taken together, this makes creating, launching, and analyzing surveys a breeze for everyone - making it a useful tool for anyone wanting to use customer insights to drive business decisions.

Surveys are a great way to collect the direct customer feedback you need for effective website optimization and business success.

They're also a great source of zero-party data.

And whether you're a beginner dipping your toes in the survey creation pool, or a seasoned market researcher looking for a versatile tool, SurveyMonkey caters to all.

It also has a fairly standard pricing structure for the modern martech market. The company offers a wide range of plans, and there’s something for everyone - from individuals to large-scale enterprises. SurveyMonkey offers a freemium package that has a range of basic tools, with more advanced features saved for its paid users.

However, its pricing models have drawn criticism. While its basic plan starts at $25 per month, the cost quickly escalates beyond $100 for the more advanced ones. This, coupled with a somewhat covert approach to its free plan restrictions, has left a sour taste for many users.

Digging Deeper: The Good and the Bad

SurveyMonkey’s standing in the market is a mixed bag. On one hand, it holds a strong 4.4 user rating on G2, a well-recognized platform for unbiased software reviews. Users often laud its ease of use and the ability to download results conveniently. However, the plot thickens when you turn to Trustpilot, another popular review site. Here, SurveyMonkey's rating takes a significant dip, falling to a concerning 1.2.

Users have raised a slew of complaints ranging from the deterioration of functionality and an unintuitive interface, to poor cross-device compatibility and opaque pricing. With the free option now limited to just 10 responses, many users feel blindsided when they realize they have to pay a premium to actually use the survey they've created.

Learn About the Top 10 Website Survey Tools

Why the GDPR Compliance of SurveyMonkey and Other Survey Tools Matters

Ultimately, the GDPR compliance of SurveyMonkey and their like is important because they collect many different data points beyond simply question responses. Much of it falls under the scope of GDPR, and it is ultimately the user - not the platform - that is legally responsible.

This data includes:

Respondent Identifiers: These include names, emails, or other data that could be used to identify someone. Some surveys collect this data for follow-up actions, while others may anonymize or avoid these to ensure respondent anonymity.
Demographic Information: Surveys often collect data about age, gender, and other demographic factors to understand the respondent's background better.
Behavioral Data: Some tools also collect data related to user behavior on the platform. This could include how much time they spend on questions, whether they navigate away from the survey before completion, their device, and IP address.
Geographical Information: Location data can be collected. This data helps in regional or location-based analysis of survey responses.
Technical Data: Information about the respondent's device, browser, and operating system may also be captured. This can help in optimizing the survey across platforms.
Cookies: Online survey tools often use cookies to track users, analyze traffic patterns, and customize user experiences.

Of course, collecting data is not in itself illegal. However, it’s important to understand the data practices of any martech you’re using, and moreover to take steps to ensure that it is handled correctly under data privacy laws.

More specifically, the collection and processing of personal data requires explicit user consent under GDPR and other data protection regulations, and any data collected should be minimized to what’s necessary for the task at hand.

So, Is SurveyMonkey GDPR Compliant?

SurveyMonkey's terms indicate that it collects personally identifiable information from users, both through the survey data and also via automated usage and behavioral data tracking.

Furthermore, SurveyMonkey states that they may share this information with third parties to improve or promote their services.

The service claims to collect and also store survey responses. However, the responsibility of managing and handling the data lies with the survey creator. While this might seem to absolve SurveyMonkey from any mishandling, it's a double-edged sword, putting extra pressure on the user to ensure data privacy.

Crucially, SurveyMonkey uses cookies. GDPR stipulates that explicit consent is required when tracking visits and user activity with these data files. SurveyMonkey states that it uses cookies for these purposes, but it's unclear how consent is sought from users.

The platform also stores most of its European customer data on servers in the US, something that raises significant questions about its compliance with GDPR.

This ties SurveyMonkey back to Schrems II - a judgment delivered by the Court of Justice of the European Union in July 2020.

In brief, Schrems II invalidated the EU-US Privacy Shield and imposed stricter requirements for transferring data from the EU to third countries like the US that don’t have an EU GDPR adequacy agreement.

Thus, for businesses using US-based Software as a Service (SaaS) solutions like SurveyMonkey, it’s critical to review compliance as these may involve data transfers to regions outside of the EU/EEA.

Worried About the GDPR Compliance of SurveyMonkey? TWIPLA Offers a Fresh Perspective

Considering these concerns around the GDPR compliance of SurveyMonkey, it's a good idea to explore SurveyMonkey alternatives.

One such option is TWIPLA. We're a privacy-perfect website intelligence solution that has been designed to fully comply with all global data privacy laws - including GDPR.

Our platform offers a range of visitor communication tools that include in-page polls and off-page surveys. Taken together, they offer businesses a comprehensive range of avenues through which to collect customer feedback.

However, TWIPLA is not just limited to visitor communication tools. It also offers complete website statistics and visitor behavioral analytics that businesses can use to optimize their website around their visitors and optimize strategies for growth.

That’s the GDPR Compliance of SurveyMonkey Explained!

In the digital world, data privacy and GDPR compliance aren't mere conveniences; they are necessities. SurveyMonkey, despite its popularity, has faced considerable scrutiny concerning its GDPR compliance. This concern has led users to seek SurveyMonkey alternatives that respect their needs and the law.

TWIPLA emerges as a superior, easy-to-use, and also GDPR-compliant solution in this landscape. It allows you to gather, analyze, and use your data without compromising on data privacy. As we traverse the path of data-driven decision-making, it's imperative to have tools like TWIPLA that operate within the realm of data privacy laws.

Take the leap today and sign up to TWIPLA!

It's not just about respecting user's data privacy; it's also about earning their trust. Because when it comes to data, trust is the currency that truly matters.

FAQs

What is SurveyMonkey?

SurveyMonkey is a popular online service that enables businesses to create surveys, which are a great way to collect information from customers. The tool also enables users to easily analyze responses, which makes the surveys much more useful as an aid to, for instance, website optimization.

Does SurveyMonkey collect personal data?

Yes, SurveyMonkey can collect personal data when included in surveys. They also collect user data for those utilizing their platform, and this means that the platform falls within the scope of GDPR and other personal data protection laws.

Is SurveyMonkey GDPR compliant?

SurveyMonkey claims that it is GDPR compliant. However, it collects personal data and the platform states in its privacy policy that it may share data with third parties. It also uses cookies to collect data, and stores data on servers in the US. These issues all violate GDPR requirements, and mean that users have to be very careful about their data practices if they are to comply with the EU personal data protection law.

Does GDPR apply to anonymous surveys?

GDPR is concerned with personal data. If a survey is genuinely anonymous and cannot identify an individual directly or indirectly, GDPR doesn't apply. However, if any identifiability exists, GDPR is relevant.

What data does GDPR not apply to?

GDPR is exclusive to personal data. It doesn't govern data about deceased individuals, data used strictly for personal or household activities, or fully anonymized data where re-identification isn't possible. However there are other laws - created to meet the requirements of the EU ePrivacy Directive - which apply to digital data that is not controlled by GDPR.