Researchers, students and staff who collect personal data are obliged to protect the privacy of the survey respondents by thinking carefully about the survey design. Compliance with the GDPR is mandatory.
Maastricht University has concluded a data processing agreement with Qualtrics about processing low-, middle- and high-risk class personal data.
It is possible to process special categories (high-risk) of personal data. Contact your supervisor (students) or information manager (staff) to perform a risk analysis and possibly a Data Protection Impact Assessment (DPIA) before the start of your project. Also check out the measures you can take to process the data with minimal risk.
Sensitive personal data are data revealing:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Membership of trade unions
- Genetic data
- Biometric data for the purpose of uniquely identifying a natural person
- Physical or mental health condition
- Sexual life or orientation
- Convictions, proceedings and criminal acts
- National Identification Number (BSN in the Netherlands)
Pseudonymisation and anonymisation
To protect the privacy of survey respondents, it is mandatory to pseudonymise or anonymise (special categories of) personal data.
Pseudonymisation
In the GDPR, pseudonymisation is defined as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” When pseudonymising a dataset, it is important to store the dataset and the additional information separately. Identifying information is stored outside Qualtrics, reducing the privacy risk for data subjects. This procedure is especially recommended for research with special categories of personal data. Contact your local division administrator to assist you with pseudonymising your data processing in Qualtrics.
Pseudonymisation is not the same as anonymisation. In contrast with anonymised data, pseudonymised data can still be linked to the identifiable data. So re-identification remains possible. Pseudonymised data are categorised as personal data and compliance with the GDPR is required.
Pseudonymisation is needed when respondent and response should still be coupled, e.g. for further research.
Anonymisation
Anonymised data can no longer be identified. Any information that may result in the identification of a data subject must be irreversibly removed from the dataset. Irreversibly anonymised data is not categorised as personal data and compliance with the GDPR is no longer required.
Find information about anonymising responses and about the anonymous link in Qualtrics.
Be careful: if your survey contains personal questions that can lead to identifiable responses, the dataset is NOT anonymised (even if you made use of the anonymous link and anonymised the response).
Note that true anonymisation is often difficult to achieve. Using advanced techniques, additional datasets you don’t know exist or very large computing power (in the future), it may be possible to link the data you collected to people.
Be aware that anonymisation of responses cannot be undone.
Sample size calculation
When starting a survey it is important to carefully consider the number of participants you will include.
You should not include more participants than is required to get a representative sample of the target population.
Qualtrics offers an online sample size calculator which helps you determine your ideal survey sample size.
Research with sensitive personal data, in a single measurement
When you collect special categories of personal data, you can take the following measures to process the data with minimal risk:
- Approach your respondents via an anonymous link
- Questions and documents in your survey do not include any (combination of) data which could identify your participants. E.g., if you ask for sexual preference, you cannot ask for the participant’s email address as well.
Download and delete all data of the study immediately from Qualtrics when you have finished the survey.
Research with special categories of personal data, using multiple measurements
When you gather special categories of personal data in your surveys and also require participant contact details to send notifications for subsequent measurements, you’ll need to use pseudonymisation to process the data with minimal risk. This means that in Qualtrics only a unique identifier for a participant is stored, but the key to the actual contact details is stored separately.
Please contact your local division administrator. They can assist you with pseudonymising your data processing to protect the privacy of your participants in Qualtrics. Also, questions and documents in your survey should not include any (combination of) data which could identify your participants. E.g., if you ask for sexual preference, you cannot ask for the participant’s email address as well.
Download your data and delete the data from Qualtrics when you have finished the survey.
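The split described above (only a unique identifier in the survey tool, the key to the contact details held separately) can be sketched as follows. This is an added example, not code from Maastricht University or Qualtrics; the function names, field names and sample contacts are hypothetical.

```python
import secrets

def pseudonymise(contacts):
    """Split a contact list into (survey_side, key_table).

    survey_side: rows that may be loaded into the survey tool (identifier only).
    key_table:   identifier -> contact details, to be stored separately.
    """
    survey_side, key_table = [], {}
    for person in contacts:
        # Random token rather than a hash of the e-mail address: a hash of a
        # guessable value can be reversed by hashing candidate addresses.
        pid = secrets.token_hex(8)
        while pid in key_table:            # regenerate on an (unlikely) collision
            pid = secrets.token_hex(8)
        key_table[pid] = {"name": person["name"], "email": person["email"]}
        survey_side.append({"participant_id": pid})
    return survey_side, key_table

def relink(responses, key_table):
    """Join responses to contact details for a follow-up measurement.

    Runs only where the key table is held, never inside the survey tool.
    Returns (linked_rows, unknown_ids).
    """
    linked, unknown = [], []
    for row in responses:
        contact = key_table.get(row["participant_id"])
        if contact is None:
            unknown.append(row["participant_id"])
        else:
            linked.append({**row, "email": contact["email"]})
    return linked, unknown

# Constructed sample data (not real people).
CONTACTS = [
    {"name": "Participant One", "email": "p1@example.org"},
    {"name": "Participant Two", "email": "p2@example.org"},
]

if __name__ == "__main__":
    survey_side, key_table = pseudonymise(CONTACTS)
    wave1 = [{"participant_id": survey_side[0]["participant_id"], "q1": 4}]
    print(survey_side)
    print(relink(wave1, key_table))
```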
File upload
In Qualtrics, you also have the option to upload files. The file upload question type allows respondents to upload a file along with their survey response. Using this functionality, you can collect data that may not be available otherwise. Be aware that you are not allowed to upload sensitive personal data if (a combination of) this data could identify your participants.
For more information, contact your local division administrator.
Please note that when uploading a file, the file may contain personal data that you may not be aware of. Image files, for example, may contain personal data even if the image itself does not show a person. Creation date, location where the image was taken, etc. are often stored as metadata for individual images and can lead to identification of the creators of the images. So always consider carefully whether your dataset is truly anonymous.
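One way to check an uploaded JPEG for embedded metadata before treating it as anonymous is to walk its header segments and report those that carry Exif (where capture date and GPS position are typically stored), XMP, IPTC or free-text comments. This is an added example, not part of the original guidance or of Qualtrics; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Segment markers that commonly carry metadata (APP1, APP13, COM).
METADATA_MARKERS = {0xE1: "APP1", 0xED: "APP13", 0xFE: "COM"}
SIGNATURES = [(b"Exif\x00\x00", "Exif"),
              (b"http://ns.adobe.com/xap/1.0/\x00", "XMP"),
              (b"Photoshop 3.0\x00", "IPTC")]

def jpeg_metadata_segments(data):
    """Return [(marker_label, kind, payload_length)] for metadata segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker in (0xD9, 0xDA):              # end of image / start of scan
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers without a length
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or malformed segment")
        payload = data[pos + 4:pos + 2 + length]
        if marker in METADATA_MARKERS:
            default = "comment" if marker == 0xFE else "unknown"
            kind = next((k for sig, k in SIGNATURES if payload.startswith(sig)), default)
            found.append((METADATA_MARKERS[marker], kind, len(payload)))
        pos += 2 + length
    return found

def _segment(marker, payload):
    """Build one length-prefixed JPEG segment (used for the constructed sample)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: JPEG header segments only, no image data.
JFIF = _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
SAMPLE = (b"\xff\xd8" + JFIF
          + _segment(0xE1, b"Exif\x00\x00II*\x00\x08\x00\x00\x00\x00\x00")
          + _segment(0xFE, b"taken by A. Example")
          + b"\xff\xd9")
CLEAN = b"\xff\xd8" + JFIF + b"\xff\xd9"

if __name__ == "__main__":
    print(jpeg_metadata_segments(SAMPLE))
    print(jpeg_metadata_segments(CLEAN))
```

An empty result only means no metadata segments were found in the JPEG header; other file formats store metadata differently and need their own check.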
AUP and RDM policies
Use of Qualtrics Research Suite should be in accordance with the Acceptable Use Policy (AUP) of Maastricht University.
Find more information and legal obligations on processing (special categories of) personal data on the RDM Policies page.