The General Data Protection Regulation (GDPR) took effect on May 25th, 2018. It is a new and far-reaching privacy regulation. You can read more about how Automattic is implementing the GDPR’s principles in this document that covers the company wide policies that include Polldaddy. We have also written a support document on the GDPR.
We have created a GDPR Access Tool that anyone can use to to query information associated with their email address. A form on that page asks for an email address, and then sends a message to that address to verify ownership of the address. Once confirmed the page displays any polls votes or survey/quiz responses.
The respondent can then examine the responses through that page, download the data, or request either individual responses or every response be deleted.
Clicking the download button will start a process that collects all your information, including uploaded files. Poll responses are put into a single HTML file while survey responses are in separate HTML files and one CSV file. There is a cover index.html that links to each file making navigation easier.
Polldaddy Users, as data controllers of their polls, surveys and quizzes, now have a new Data Subject Erasure Requests page where these delete requests can be taken care of. When a request to delete data is made an email is sent to the data controller 24 hours later.
Responses can be deleted or ignored on that page. Sometimes it is necessary for an organization to retain information because it has a legitimate use for it. As you can see from the screenshot above, each request tells the data controller if the request was made by an IP address in the EU. For the purposes of the example, the IP 192.168.1.1 was used but this IP address is actually the IP address of the original poll voter, and is already visible to paid Polldaddy users. It is not the IP from which the delete request was made.
Polldaddy support staff cannot handle GDPR access or delete requests but contact us if you have any queries.