How much do you know about GDPR?
Assess your knowledge on the GDPR by taking this Nebu survey!
Are you ready for GDPR? The GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679) that comes into force in 28 countries in Europe on 25th May 2018. GDPR is a regulation agreed by the European Union which seeks to improve transparency and the effectiveness of data protection activities. GDPR is not a piece of legislation that research companies will want to avoid.
Learn read more about what GDPR means for the marketing research industry by reading Nebu's and guests' blog post in the GDPR category.
In a series of three blog posts we're considering implications of the GDPR in regards to marketing research industry. The previous two blog article touched upon how GDPR might influence conducting CATI and WAPI interviews. In this one I'd like to ponder on how the new legislation may affect conducting CAPI surveys, as well as Mixed-mode studies and mode independent research projects.
As CAPI mode is a personal (F2F) interview, it gives a chance for collecting different type of data than in WAPI or CATI mode, that also needs different handling:
In a series of three blog posts we're considering implications of the GDPR in regards to marketing research industry. The previous blog article touched upon how GDPR might influence conducting CATI interviews. In this one I'd like to ponder on how the new legislation may affect conducting WAPI surveys.
As you could read in our previous blog post, the EU GDPR affects all companies, that deal with data of EU citizens. Every company needs to be aware their data flows, whether it is related to ‘generic’ customer data, or data is collected for well defined purposes.
Having an overall data-flow, attached to the company procedures in practice, will be your biggest help pinpointing risks, vulnerabilities, or improvement possibilities. Having said that, it has to be one of the very first steps, describing the INs and OUTs of all your data you need to deal with.
Next, and two of the most important, steps are classifying the data, and your role related to it - this requires continuous attention from your staff, as soon as new processes are established, that affect the data-flow. In our previous blog post we described the roles and data classification types. Not all data requires attention - this though sounds to be a case easy to deal with, you still need to guarantee, that a certain point you do not start mixing this data with personal identifiers or sensitive data. For the data, that you need to handle with high attention, the following factors have to be considered:
This list may look a bit abstract at first glance, but let’s examine some market research practices (without the aim of completeness) per different mode, and pinpoint challenges from these aspects.
CATI interviews can start on two different paths:
In both cases, you can end up in a few “feels tricky” situations. First and most important, is that you need to be aware of laws, that apply to your activity. This includes whether or not RDD sample is allowed to use at all, and also indicates, if do not call lists (blacklists) have to be applied.
After publishing our previous blog post (about a new Nebu Dub InterViewer functionality helping users to comply with the upcoming GDPR), we've received a lot of inquiries regarding solutions that already exist in the system, and future developments to be released to clients before 25th of May 2018, when the new legislation comes into force.
First of all, we've made the GDPR a priority from Dub InterViewer development point of view. We've analyzed the requirements and obligations of the legislation with regards to the marketing research industry, which has resulted in a list of (planned) developments, as part of our release cycle before May 2018. In summary, this boils down to:
In the previous two articles posted in the GDPR category on Nebu's blog, we've covered the high-level overview of what the GDPR requirements and principles are. Now, let's dive into more specific, product-driven details.
More and more, clients ask us about Nebu Dub InterViewer's functionalities supporting them in complying with the upcoming GDPR legislation. One of the frequently reoccurring inquiries concerns removing respondent data from the project.
When the respondent completed the interview, and a project is not a longitudinal study, often there is no use anymore for the client to keep the respondent data. In the light of GDPR removing or anonymizing that data even becomes a necessity.
In such case, it makes sense that the respondent data is 'disconnected' from the answers by removing the personally identifiable information from the sample data. Let's see how Nebu Dub InterViewer handles that for you.
Indeed, the functionality we're introducing in this blog post is one of key elements of complying with the GDPR as it fulfils four of six GDPR principles. Having an ability to set up an automated flow on how sample data will be processed in a project upfront will help fieldwork and marketing researchers adhere to:
In the previous post, we explained what the main new roles introduced by GDPR are and what the impact of the new legislation is. Now, let's dive into more details.
If you process EU citizens data as part of your activity, regardless whether that processing occurs in or out of the EU, then the GDPR applies to you. Bear in mind that employee data and customer data ARE personal data. And the simple fact of storing that data is considered a processing activity.
The GDPR is not simply a ticking boxes process to avoid a big fine. It is principles driven and aim to change the way we perceive and treat personal data. There are six principles, listed below:
Most likely, you have heard about upcoming new legislation in relation to the processing of personal data. This General Data Protection Regulation (GDPR) will be in effect per May 25th, 2018, and has a big impact on Market Research, as well as other industries.
In many market research projects, personal data is being collected, which means you have to have a basic understanding at least, of what GDPR entails. In this article we want to inform you about steps you can take to ensure you comply with the new legislation, to avoid potentially high penalties.
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission, intended to strengthen and unify data protection for all individuals within the European Union (EU). The GDPR aims primarily to give control