Data security in LimeSurvey: Everything you need to know

We want our users and our community to feel safe and protected when working on and with our online survey software, which is why we will expound on the essentials you need to know in terms of laws, measures, and security associated with data gathered by LimeSurvey. There are different legislative levels involved in the bigger picture of data security that LimeSurvey is subject to.   Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) Starting at the organizational level, on which LimeSurvey receives data input from any potential user, data security and privacy have to be ensured by orders of the superior federal state level, i.e., the respective legislation of any of the 16 federal states in Germany. However, these multiple federal state data protection laws have to coexist with regulations on the country level, the Federal Data Protection Act, which was first introduced in 1978. You can read the details of the Federal Data Protection Act here.  Any German organization such as LimeSurvey has to adhere to any data security regulations dictated by the Federal Data Protection Act and the federal state laws. The Federal Data Protection Act is further connected to European regulations. European Data Protection Directive 95/46/EC The Data Protection Directive 95/46/EC was adopted by the European Union in 1995 in order to regulate data processing and laws within its member states. It serves to specify and dictate minimal data security requirements that each member state is to incorporate into internal law. In fact, by 1998 all member states had created their own data protection laws according to the European Data Protection Directive, including Germany. You can find out more about the European Data Protection Directive 95/46/EC here. General Data Protection Regulation (GDPR) The General Data Protection Regulation is a new data protection regulation drafted by the European Union and will replace the previously existing European Data Protection Directive, as well as the German Federal Data Protection Act, and will, therefore, directly impact German laws on data security, including measures undertaken by LimeSurvey to keep users' data safe. The GDPR was implemented on 25 May 2018 and aims at strengthening data protection throughout the EU by unifying regulations incorporated into the national law of all member states. Thus, data security policies will assimilate in the future across countries in the European Union. The goal is to increase data security by standardizing regulations within an established and dynamically cooperating inner-European market. The reason for this radical shift of EU regulations is founded on increasing data abuse possibilities due to expanding cloud computing and big data efforts prevalent among organizations in all areas nowadays. You can find out more about the European General Data Protection Regulation here.     In Safe Hands with LimeSurvey Any data collected and processed by LimeSurvey is done strictly within the legal requirements. We are an Open Source organization that thrives on our great community without forcing or restricting anyone's use of our online survey software. The community can only keep growing safely if data protection is ensured at all times, which is the most valuable user right in the eyes of the LimeSurvey company.LimeSurvey neither discloses any user data publicly nor transfers any user data to any third party without explicit consent. It has always been this way and will always remain this way.Amen.