GDPR in the Marketing Research Industry

Are you ready for GDPR? The GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679) that comes into force in 28 countries in Europe on 25th May 2018. GDPR is a regulation agreed by the European Union which seeks to improve transparency and the effectiveness of data protection activities. GDPR is not a piece of legislation that research companies will want to avoid.

Learn read more about what GDPR means for the marketing research industry by reading Nebu's and guests' blog post in the GDPR category.  

Are you ready for GDPR?
Malgorzata Mleczko
Posted on 24 May 2018 in GDPR
by Malgorzata Mleczko
1 min

GDPR Knowledge Test

How much do you know about GDPR?

Assess your knowledge on the GDPR by taking this Nebu survey!


Zoltan Szuhai
Posted on 4 May 2018 in GDPR
by Zoltan Szuhai
4 min

GDPR - Market Research Implications #3 - CAPI, Mixed-mode, Mode independent projects

In a series of three blog posts we're considering implications of the GDPR in regards to marketing research industry. The previous two blog article touched upon how GDPR might influence conducting CATI and WAPI interviews. In this one I'd like to ponder on how the new legislation may affect conducting CAPI surveys, as well as Mixed-mode studies and mode independent research projects.  


Mode specific considerations: CAPI

As CAPI mode is a personal (F2F) interview, it gives a chance for collecting different type of data than in WAPI or CATI mode, that also needs different handling:

Zoltan Szuhai
Posted on 1 May 2018 in GDPR
by Zoltan Szuhai
2 min

GDPR - Market Research Implications #2 - WAPI

In a series of three blog posts we're considering implications of the GDPR in regards to marketing research industry. The previous blog article touched upon how GDPR might influence conducting CATI interviews. In this one I'd like to ponder on how the new legislation may affect conducting WAPI surveys. 


Mode specific considerations: WAPI

Zoltan Szuhai
Posted on 26 April 2018 in GDPR
by Zoltan Szuhai
4 min

GDPR - Market Research Implications #1 - CATI

As you could read in our previous blog post, the EU GDPR affects all companies, that deal with data of EU citizens. Every company needs to be aware their data flows, whether it is related to ‘generic’ customer data, or data is collected for well defined purposes.

Having an overall data-flow, attached to the company procedures in practice, will be your biggest help pinpointing risks, vulnerabilities, or improvement possibilities. Having said that, it has to be one of the very first steps, describing the INs and OUTs of all your data you need to deal with.

Next, and two of the most important, steps are classifying the data, and your role related to it - this requires continuous attention from your staff, as soon as new processes are established, that affect the data-flow. In our previous blog post we described the roles and data classification types. Not all data requires attention - this though sounds to be a case easy to deal with, you still need to guarantee, that a certain point you do not start mixing this data with personal identifiers or sensitive data. For the data, that you need to handle with high attention, the following factors have to be considered:

  • in what format that data exists (do not allow yourself to merely focus on data sitting in databases, as there are files, emails, documents, tables around and this is still just digital data, there can be data on paper as printed lists, in sound recordings, etc)
  • How is the data transferred between destinations, does the transfer method have the appropriate characteristics in terms of security, control and accessibility
  • storage location chosen
  • who can access the data in each destination
  • who is accountable for the data in each destination
  • lifecycle of data - when does it appear in your system, how and when it can be removed, or whether removing is an option at all

This list may look a bit abstract at first glance, but let’s examine some market research practices (without the aim of completeness) per different mode, and pinpoint challenges from these aspects.


Mode specific considerations: CATI

CATI interviews can start on two different paths:

  • start with an RDD (or semi-RDD) sample
  • start with a ‘normal’ sample

In both cases, you can end up in a few “feels tricky” situations. First and most important, is that you need to be aware of laws, that apply to your activity. This includes whether or not RDD sample is allowed to use at all, and also indicates, if do not call lists (blacklists) have to be applied.

Wouter Eijben
Posted on 26 March 2018 in GDPR
by Wouter Eijben
3 min

Nebu Dub InterViewer in light of the GDPR

After publishing our previous blog post (about a new Nebu Dub InterViewer functionality helping users to comply with the upcoming GDPR), we've received a lot of inquiries regarding solutions that already exist in the system, and future developments to be released to clients before 25th of May 2018, when the new legislation comes into force.


First of all, we've made the GDPR a priority from Dub InterViewer development point of view. We've analyzed the requirements and obligations of the legislation with regards to the marketing research industry, which has resulted in a list of (planned) developments, as part of our release cycle before May 2018. In summary, this boils down to:

Jan Raaphorst
Posted on 19 March 2018 in GDPR
by Jan Raaphorst
4 min

GDPR in Marketing Research: Remove respondent data automatically upon completing a survey

In the previous two articles posted in the GDPR category on Nebu's blog, we've covered the high-level overview of what the GDPR requirements and principles are. Now, let's dive into more specific, product-driven details.

More and more, clients ask us about Nebu Dub InterViewer's functionalities supporting them in complying with the upcoming GDPR legislation. One of the frequently reoccurring inquiries concerns removing respondent data from the project. 

When the respondent completed the interview, and a project is not a longitudinal study, often there is no use anymore for the client to keep the respondent data. In the light of GDPR removing or anonymizing that data even becomes a necessity.


In such case, it makes sense that the respondent data is 'disconnected' from the answers by removing the personally identifiable information from the sample data. Let's see how Nebu Dub InterViewer handles that for you.

Indeed, the functionality we're introducing in this blog post is one of key elements of complying with the GDPR as it fulfils four of six GDPR principles. Having an ability to set up an automated flow on how sample data will be processed in a project upfront will help fieldwork and marketing researchers adhere to:

Pauline Besnier
Posted on 9 February 2018 in GDPR
by Pauline Besnier
6 min

What is GDPR? - Requirements, Principles, & deadlines - Guide | Nebu

In the previous post, we explained what the main new roles introduced by GDPR are and what the impact of the new legislation is. Now, let's dive into more details.

Who is concerned?


If you process EU citizens data as part of your activity, regardless whether that processing occurs in or out of the EU, then the GDPR applies to you. Bear in mind that employee data and customer data ARE personal data. And the simple fact of storing that data is considered a processing activity.


Six principles of the GDPR 

The GDPR is not simply a ticking boxes process to avoid a big fine. It is principles driven and aim to change the way we perceive and treat personal data. There are six principles, listed below:

Wouter Eijben
Posted on 15 December 2017 in GDPR
by Wouter Eijben
4 min

GPDR for marketers - Marketing research - Complete Guide | Nebu

Most likely, you have heard about upcoming new legislation in relation to the processing of personal data. This General Data Protection Regulation (GDPR) will be in effect per May 25th, 2018, and has a big impact on Market Research, as well as other industries.

In many market research projects, personal data is being collected, which means you have to have a basic understanding at least, of what GDPR entails. In this article we want to inform you about steps you can take to ensure you comply with the new legislation, to avoid potentially high penalties.

GDPR ready.jpg

What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission, intended to strengthen and unify data protection for all individuals within the European Union (EU). The GDPR aims primarily to give control


Subscribe to Email Updates