Security

At Nebu we know the importance of data security in the Market Research Industry.

Secure data collection is not only about applying secure storage or secure transmission of the data. It is also about the ability to apply data privacy regulations on the project of the specific country the data is collected.

Security applies to every phase of a project and each of these phases has specific security characteristics. It involves Encryption, Storage, preventing unauthorized access, data privacy, and deletion.

Zoltan Szuhai
Posted on 4 May 2018 in GDPR
by Zoltan Szuhai
4 min

GDPR - Market Research Implications #3 - CAPI, Mixed-mode, Mode independent projects

In a series of three blog posts we're considering implications of the GDPR in regards to marketing research industry. The previous two blog article touched upon how GDPR might influence conducting CATI and WAPI interviews. In this one I'd like to ponder on how the new legislation may affect conducting CAPI surveys, as well as Mixed-mode studies and mode independent research projects.  

GDPR_CAPI_Implications

Mode specific considerations: CAPI

As CAPI mode is a personal (F2F) interview, it gives a chance for collecting different type of data than in WAPI or CATI mode, that also needs different handling:

Read More...
Zoltan Szuhai
Posted on 1 May 2018 in GDPR
by Zoltan Szuhai
2 min

GDPR - Market Research Implications #2 - WAPI

In a series of three blog posts we're considering implications of the GDPR in regards to marketing research industry. The previous blog article touched upon how GDPR might influence conducting CATI interviews. In this one I'd like to ponder on how the new legislation may affect conducting WAPI surveys. 

GDPR_WAPI_Implications

Mode specific considerations: WAPI

Read More...
Zoltan Szuhai
Posted on 26 April 2018 in GDPR
by Zoltan Szuhai
4 min

GDPR - Market Research Implications #1 - CATI

As you could read in our previous blog post, the EU GDPR affects all companies, that deal with data of EU citizens. Every company needs to be aware their data flows, whether it is related to ‘generic’ customer data, or data is collected for well defined purposes.

Having an overall data-flow, attached to the company procedures in practice, will be your biggest help pinpointing risks, vulnerabilities, or improvement possibilities. Having said that, it has to be one of the very first steps, describing the INs and OUTs of all your data you need to deal with.

Next, and two of the most important, steps are classifying the data, and your role related to it - this requires continuous attention from your staff, as soon as new processes are established, that affect the data-flow. In our previous blog post we described the roles and data classification types. Not all data requires attention - this though sounds to be a case easy to deal with, you still need to guarantee, that a certain point you do not start mixing this data with personal identifiers or sensitive data. For the data, that you need to handle with high attention, the following factors have to be considered:

  • in what format that data exists (do not allow yourself to merely focus on data sitting in databases, as there are files, emails, documents, tables around and this is still just digital data, there can be data on paper as printed lists, in sound recordings, etc)
  • How is the data transferred between destinations, does the transfer method have the appropriate characteristics in terms of security, control and accessibility
  • storage location chosen
  • who can access the data in each destination
  • who is accountable for the data in each destination
  • lifecycle of data - when does it appear in your system, how and when it can be removed, or whether removing is an option at all

This list may look a bit abstract at first glance, but let’s examine some market research practices (without the aim of completeness) per different mode, and pinpoint challenges from these aspects.

GDPR_CATI_Implications

Mode specific considerations: CATI

CATI interviews can start on two different paths:

  • start with an RDD (or semi-RDD) sample
  • start with a ‘normal’ sample

In both cases, you can end up in a few “feels tricky” situations. First and most important, is that you need to be aware of laws, that apply to your activity. This includes whether or not RDD sample is allowed to use at all, and also indicates, if do not call lists (blacklists) have to be applied.

Read More...
Wouter Eijben
Posted on 26 March 2018 in GDPR
by Wouter Eijben
3 min

Nebu Dub InterViewer in light of the GDPR

After publishing our previous blog post (about a new Nebu Dub InterViewer functionality helping users to comply with the upcoming GDPR), we've received a lot of inquiries regarding solutions that already exist in the system, and future developments to be released to clients before 25th of May 2018, when the new legislation comes into force.

main_blog_wouter.jpg

First of all, we've made the GDPR a priority from Dub InterViewer development point of view. We've analyzed the requirements and obligations of the legislation with regards to the marketing research industry, which has resulted in a list of (planned) developments, as part of our release cycle before May 2018. In summary, this boils down to:

Read More...
Jan Raaphorst
Posted on 19 March 2018 in GDPR
by Jan Raaphorst
4 min

GDPR in Marketing Research: Remove respondent data automatically upon completing a survey

In the previous two articles posted in the GDPR category on Nebu's blog, we've covered the high-level overview of what the GDPR requirements and principles are. Now, let's dive into more specific, product-driven details.

More and more, clients ask us about Nebu Dub InterViewer's functionalities supporting them in complying with the upcoming GDPR legislation. One of the frequently reoccurring inquiries concerns removing respondent data from the project. 

When the respondent completed the interview, and a project is not a longitudinal study, often there is no use anymore for the client to keep the respondent data. In the light of GDPR removing or anonymizing that data even becomes a necessity.

cleaningdata-min.jpg

In such case, it makes sense that the respondent data is 'disconnected' from the answers by removing the personally identifiable information from the sample data. Let's see how Nebu Dub InterViewer handles that for you.

Indeed, the functionality we're introducing in this blog post is one of key elements of complying with the GDPR as it fulfils four of six GDPR principles. Having an ability to set up an automated flow on how sample data will be processed in a project upfront will help fieldwork and marketing researchers adhere to:

Read More...
Pauline Besnier
Posted on 9 February 2018 in GDPR
by Pauline Besnier
6 min

What is GDPR? - Requirements, Principles, & deadlines - Guide | Nebu

In the previous post, we explained what the main new roles introduced by GDPR are and what the impact of the new legislation is. Now, let's dive into more details.

Who is concerned?

Everyone!

If you process EU citizens data as part of your activity, regardless whether that processing occurs in or out of the EU, then the GDPR applies to you. Bear in mind that employee data and customer data ARE personal data. And the simple fact of storing that data is considered a processing activity.

GDPR_Pauline2-min.jpg

Six principles of the GDPR 

The GDPR is not simply a ticking boxes process to avoid a big fine. It is principles driven and aim to change the way we perceive and treat personal data. There are six principles, listed below:

Read More...
Wouter Eijben
Posted on 15 December 2017 in GDPR
by Wouter Eijben
4 min

GPDR for marketers - Marketing research - Complete Guide | Nebu

Most likely, you have heard about upcoming new legislation in relation to the processing of personal data. This General Data Protection Regulation (GDPR) will be in effect per May 25th, 2018, and has a big impact on Market Research, as well as other industries.

In many market research projects, personal data is being collected, which means you have to have a basic understanding at least, of what GDPR entails. In this article we want to inform you about steps you can take to ensure you comply with the new legislation, to avoid potentially high penalties.

GDPR ready.jpg


What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission, intended to strengthen and unify data protection for all individuals within the European Union (EU). The GDPR aims primarily to give control

Read More...
Eric van Velzen
Posted on 15 April 2016 in Security
by Eric van Velzen
4 min

SSL as Part of the Service

Nebu's basic principle is to provide a safe and secure environment for our clients, for the personal data, survey responses and market insight information they collect.

Nowadays securing data is one of the biggest challenges for the Market Research Industry. When you keep information online you can't lock it away to be 100% sure that no one else can see it. You need to be aware that during any transfer process both you and your customer might lose control over the data, and over who is accessing it. You need to do everything possible to prevent this from happening. You should secure devices, both on the browser and the hosting side. Unfortunately the pipes of the online world are out of your hands, but don't worry, there is something you can do.

Read More...
Eric van Velzen
Posted on 1 April 2016 in Security
by Eric van Velzen
2 min

An Overview of Penetration Testing

The IT security has an important role in the Market Research Industry. Not only does it need to be robust so that fieldwork is completed reliably and on time, but needs to be secure to ensure data collected is accessible and usable by those able to do so, but also so that Personally Identifiable Data is kept confidential. It is essential to secure the data you collect, but sometimes it can cause headaches because of the number of attacks on your data.

First, let me clarify what a Penetration test is and how it usually works.

Read More...
Eric van Velzen
Posted on 25 March 2016 in Security
by Eric van Velzen
4 min

3 Main Benefits of Server Maintenance From Security Aspect

In this blog post we will target explaining the importance of server and environment maintenance from security point of view. In our industry security is proven to be a key element and as is, needs continuous attention, instead of assuming that with a one time action proper security level can be achieved. This latest statement can be odd, you can think about why is that? How it can be ruined if once it is made great? Software components can contain bugs, security leaks, which are already there, but has not been discovered yet - when such a vulnerability has been identified and made public, servers or software components with this vulnerability can be easy target.

Therefore Nebu decided to perform more frequent server maintenance: it always has been important to keep servers up-to-date, but we clearly realized that updates have to be frequent enough to increase security and to decrease downtime.

Read More...
Ian Roberts
Posted on 2 December 2013 in Security
by Ian Roberts
30 sec

Data Protection & Security

As the world becomes smaller, and information is ever accessible, concerns grow over privacy, data protection and personal information.

Read More...
Ian Roberts
Posted on 14 March 2013 in Security
by Ian Roberts
2 min

The Online Conundrum: Balancing Trust with Reach

We all know the benefits of being online: speed of response, geographical spread, sample size. And are probably aware of the issues we face in our daily online lives: spam, phishing, identity theft.... But do we ever consider them together?

iStock_75278327.jpg

Read More...

Subscribe to Email Updates