2.4 Form encryption
SurveyCTO provides enhanced protection for the collected data. Beyond its compliance with the GDPR (European General Data Protection Regulation) and other data protection and privacy regulations, SurveyCTO also allows to de-identify and pseudonymise certain data collected, including personal and/or sensitive data.
Indeed, the use of a pair of public and private keys makes it possible to pseudonymise certain fields of the questionnaire. Variables containing names or other Personally Identifiable Information (PII) and/or sensitive data can be encrypted and thus de-identified by the user using a public key, so that no other person can access them. Decryption is only possible using the private key, which of course should not be shared.
Regarding data encryption, having all of the questions encrypted will not always be relevant.
Cases dataset however cannot be encrypted. The data collected as part of case tracking can thus not be encrypted, which is an important limitation of the system.