GDPR in the market research sector – is your firm compliant?
May 25th 2018 marked the official introduction of the EU's General Data Protection Regulation (GDPR), the aim of which is to standardise legal rules around the collection, storage and use of personal data relating to EU citizens.
This could be one of the most significant compliance events of recent years for many businesses, including those that are not based in Europe but process personal data belonging to residents of EU countries.
One industry that will be particularly affected by the commencement of GDPR – given its reliance on the collection and use of personal data – is market research. Businesses in this sector need to prepare for the impact of the regulatory change and ensure they are taking the proper approach to legal documentation and other fundamental aspects of their everyday operations.
GDPR: A refresher
The 2018 launch of GDPR is the culmination of more than six years of development and negotiations within the EU. It was officially adopted by the European Parliament in April 2016, giving affected organisations two years to work towards full compliance.
Under the new regulatory framework, organisations handling personal data belonging to EU residents are classed as controllers (those that collect personal information) or processors (those that process the data on behalf of a controller).
These businesses are now required to uphold certain standards, including privacy rules stating that personal data must be stored using pseudonymisation or full anonymisation.
GDPR also requires organisations to ensure that personal data is processed only on the lawful basis outlined by the regulation, and that individuals have given explicit 'opt-in' consent for their data to be used. There must be a process in place for this permission to be removed at any time.
Citizens have also been given new rights to request access to their personal data and to ask for their information to be erased from an organisation's records.
Non-compliance with GDPR could have serious financial repercussions for businesses, with EU authorities wielding the power to implement fines of up to €20 million (£17.6 million) or four per cent of worldwide turnover, whichever is higher.
What GDPR means for market research
The arrival of GDPR has a number of practical implications for market research firms where the collection, storage and application of personal data belonging to EU citizens is concerned.
If your business operates across borders and in different languages, it is now more important than ever to ensure you are using specialist translation services to meet the demands of GDPR.
As well as helping to ensure maximum reliability and insightful results in market research, accurate translation and transcription have now taken on even greater significance from a legal standpoint.
GDPR creates various other compliance tasks and considerations for market research firms, including a need to ensure that new data protection principles are upheld throughout the full research cycle and observed by all parties in the production chain.
There are also requirements for firms to employ a data protection officer if their core business involves the regular processing of personal information, and to implement more rigorous procedures for identifying, reporting and investigating data breaches.
Is the sector ready?
Like all sectors, market research has been aware of GDPR and its wide-ranging significance for some time now, but there are indications that many businesses are not fully prepared for the reality of these new rules.
Leonard Murphy, executive editor and producer of market research directory GreenBook, noted in a blog post leading up to the publication of the firm's Q1-Q2 2018 GRIT Report that the industry's lack of readiness for GDPR is "a big problem".
A survey indicated that half of market researchers worldwide are not even familiar with the basics of the new regulations. Of those who were aware of GDPR, only 24 per cent said they were already fully compliant.
This trend is evident outside the market research sector, too. A recent study of companies in the US and Europe conducted by the Ponemon Institute revealed that 40 per cent of businesses didn't expect to be GDPR-compliant by the deadline of May 25th 2018. Eight per cent simply didn't know when they would be up to speed with the new rules.
All businesses that regularly handle and use personal data should be taking GDPR seriously and implementing the necessary checks, changes and processes to uphold the new standards and avoid fines.
In the market research sector, use of specialist language services for the creation of legal documents and presentation of key pieces of information will prove a vital part of the compliance mission.
Image credit: Pe3check/iStock