Zum Hauptinhalt springen

Guide

GDPR requirements for digital voting

Running a vote means handling personal data - at minimum, who is eligible. This guide explains, in plain language, what GDPR expects when you take voting online.

Personal data in a vote

The clearest personal data in a vote is the census: the list of eligible voters, usually with names and contact details. The ballot itself should not be personal data at all, because in a well-designed system it is anonymous and unlinkable to a person.

Lawful basis and data minimization

You need a lawful basis to process the census - often the legitimate interest of running your governance, or a legal or statutory obligation. Data minimization is central: collect only what you need to confirm eligibility and contact voters, and nothing more.

Secrecy, retention and deletion

Ballot secrecy aligns naturally with GDPR: if no one can link a ballot to a voter, the most sensitive data simply does not exist. Define how long you keep the census and the evidence pack, and delete personal data when it is no longer needed.

Processors, hosting and transparency

If a platform processes data on your behalf, it is a data processor and you should have an agreement in place. EU hosting and clear documentation make compliance easier, and voters should be told plainly how their data is used.

Key takeaways

  • The voter census is personal data; an anonymous ballot is not.
  • Establish a lawful basis and collect only the data you need.
  • Ballot secrecy supports GDPR by minimizing sensitive data.
  • Set retention periods and delete data when no longer needed.
  • Use a platform that acts as a clear data processor with EU hosting.

Frequently asked questions

See it in your organization

Explore how secure, verifiable voting fits your type of organization.

Explore solutions
Back to all guides