Skip to main content
European Citizens' Initiative

Data Protection Guidance - Question 4

Go back to the main page of the Data Protection Guidance for the organisers


Data Protection Guidance - Question 4

Security – what steps should you take when collecting signatories’ data on paper?

Applies to Case scenario 2

When statements of support (and email addresses as the case may be) are collected on paper forms, they are also considered as personal data that must be protected in accordance with the GDPR.

Security measures

As a group of organisers, you must implement technical and organisational security measures to protect  personal data provided in statements of support in particular against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access, taking into account the risks to signatories.

The relevant measures should include at least:

  • Physically securing paper statement forms when stored (preferably locked in safes)
  • Submitting collected paper forms to the relevant Member State validation and certification authorities in a secure way, e.g. by registered post, by trusted carrier or using the Commission file exchange service.  

PLEASE NOTE: Requirements when collecting statements of support with the help of campaigners


  • Articles 28 and 32 of the GDPR


Want to learn and collaborate?