User research survey & GDPR
I'm hoping to create and ask some user research surveys shortly and wanted to ask how people are treating the GDPR regulations in this area.
At a high level, I want to capture personally identifiable data (PID) to understand the demographics of the respondents. I'm aware I also need to get a signed acceptance to use their data.
I know that I'm under an obligation to remove PID both on request and when it's not reasonably needed. Do people generally follow this and discard results? or do people tend to use the signed acceptance to override this?