The GDPR affects all companies, that deal with data of EU citizens. In this article we will address specific implications that GDPR might have on our industry and the daily work of fieldwork and marketing research companies.
In a series of three blog posts we're considering implications of the GDPR in regards to marketing research industry. The previous blog article touched upon how GDPR might influence conducting CATI interviews. In this one I'd like to ponder on how the new legislation may affect conducting WAPI surveys.
Mode specific considerations: WAPI
Invites are often going out via the Market Research company, be sure, personal identifiers are not appearing at unwanted storage sections (or for how long those are stored) like SMTP logs
If invites are sent via a third party system, be sure, where that service is located geographically, do you need to obey some (local) laws, and how data retention is addressed there. If an email list has to be uploaded there for an email invitation campaign, establish a policy of removing personal data, when not needed anymore
Web server logs can be “talkative”, ensure that the collected data is relevant for the operational questions and needed for support
The applied protocols and how browsers are working can give a lot of space for collecting data in passive mode (type of device, IP address of respondent, via that geographical location, digital fingerprinting, used browser etc) if you have the ability to collect such data, and you do live with that option (that often gives useful information for solving survey related technical difficulties) you need to inform the respondent about this fact, and what you do with this data. Also a good option, if it is available, configuring the system not to collect passive data. Note, this is often used as quality control step, so not always possible.
Read all articles in this series:
GDPR - Market Research Implications #1 - CATI GDPR - Market Research Implications #2 - WAPI (you are reading this article now) GDPR - Market Research Implications #3 - CAPI, Mixed-mode, Mode independent projects (this blog post will be published soon)
Disclaimer: This blog was created by Nebu in order to provide a high-level, general understanding of GDPR, and should by no means be considered or used as a substitute for legal advice. Nebu does not accept any responsibility or liability for the accuracy, completeness, legality, or reliability of the information contained on this blog.
Zoltan Szuhai has worked for Nebu for more than 15 years and is Managing Director of the Development Centre in Debrecen, Hungary, with responsibilities for running the office and legal administration. The primary technical role is as a Director Research & Development: managing the Development Team and applying agile methodologies and responding to technology-related requirements. Previous experience within IT environments, including Client liaison and time spent as a Software Engineer, gives Zoltan a good understanding of the technical challenges of our industry.