Implementing the GDPR

The hottest topic on all global compliance radars is the General Data Protection Regulation (GDPR). If you haven’t heard about this law, then you’ll want to do your homework fast before it comes into effect on May 25th. GDPR was developed to create a consistent approach to data protection for European residents. It gives people the right to control their personal data, requiring companies to ensure “privacy by design.” This strengthening of data privacy requirements will have an effect on a variety of industries, hitting marketing hardest; however, it will have important ramifications for conducting market research as well. With the European Union (EU) threatening fines of millions of Euros to offenders, taking GDPR seriously is critical to being simultaneously customer-focused and profitable. Over the past few months, we have taken a holistic approach to ensuring we are compliant with GDPR by focusing on three main areas:

1. We revised our consent process
   While personal data can be acquired and processed under other legal bases, consent is critical within the market research industry. We have confirmed that all informed consents used in studies involving European countries will meet GDPR standards for transparency. We will also maintain records of these consents.
2. We reviewed and updated our data processing activities
   We developed a stringent data cleaning process for GDPR-compliant studies to ensure personally identifiable information is tied to survey data or interview data only as long as necessary. While we will always have access to survey/verbatim responses, we plan to anonymize all data within 12 months of data collection. We believe this approach appropriately balances respondent privacy with the need for subsequent data analyses.
3. We plan to work closely with our European recruitment partners to report adverse events as efficiently as possible
   Our partners may opt to report adverse events directly to our clients, limiting the number of parties who have access to personally identifiable information. We will confirm all requirements before initiating data collection to ensure appropriate compliance from all parties.

We’ll be sure to keep you informed of any additional changes related to GDPR and conducting international market research, in general. For now, follow us on LinkedIn and Twitter to receive all our updates!