The open comments and unrestricted pivot table contain detailed survey responses.
Client universities choose to receive either identified survey responses (including Student IDs) or de-identified survey responses (where responses are anonymous).
Identified Survey Responses
This includes Personal Data under the General Data Protection Regulation (Regulation 2016/679) ("GDPR").
Personal Data is defined in the Regulation as data which relates to a living individual who can be identified
from the data (or a combination of the data and any other information you have available).
De-Identified Survey Responses
This is not Personal Data under the General Data Protection Regulation (Regulation 2016/679) ("GDPR").
Personal Data is defined in the Regulation as data which relates to a living individual who can be
identified from the data (or a combination of the data and any other information you have available).
However, we cannot absolutely guarantee that the open comments and pivot table do not contain data or a
combination of data which could, potentially, be used in an attempt to infer the identity of an
individual. Such instances are unlikely, but it is possible, for example, that a respondent may
include a comment which could be used to infer their identity
In both cases (identified or de-identified survey responses), both i-graduate and the client need to
ensure that they are fully compliant with data protection regulations. Before we, (i-graduate),
provide the open comments and unrestricted pivot tables we would draw your attention to the following
which summarises key points from the T&C’s:
When distributing findings within the institution, care must be taken to avoid identification of students.
This would necessitate removal of all personally identifiable information including certain demographic and
educational background variables from the dataset before distribution. If an individual can be identified in
the open comments, pivot table or other survey data file, such information must be treated as confidential.
In addition, the institution shall not process the information to (a) support measures or decisions with
respect to individuals or (b) in such a way that damage or distress is, or is likely to be, caused to any individual.
At all times you must comply with the General Data Protection Regulation (Regulation 2016/679) ("GDPR")
and keep Personal Data secure and only use such data in accordance with the data protection principles as
set out in the Regulations.
The Data supplied shall be processed only for the purposes of further analysis on the survey results.
It is your responsibility to ensure that you take such technical and organisational security
measures against unauthorised and unlawful processing of, accidental loss of, destruction of or
damage to Personal Data as may be required, and have regard to the state of technological development
and the cost of any measures, to ensure a level of security appropriate to the harm that might result
from such processing, loss, destruction or damage and the nature of the data to be protected.
It is your responsibility to ensure that all employees and any other persons authorised
to view the Survey Results abide by the terms of this Agreement and the General Data Protection
Regulation (Regulation 2016/679) ("GDPR"). Under no circumstances should the open comments and
pivot table be made available in a publicly accessible area, this includes your external website,
intranet or any shared network area.
