User research survey & GDPR
I'm hoping to create and ask some user research surveys shortly and wanted to ask how people are treating the GDPR regulations in this area.
At a high level, I want to capture personally identifiable data (PID) to understand the demographics of the respondents. I'm aware I also need to get a signed acceptance to use their data.
I know that I'm under an obligation to remove PID both on request and when it's not reasonably needed. Do people generally discard the associated results when this occurs? If I can't identify the individual result it seems like I might need to discard the whole result set.