Friday, January 27, 2023

GDPR Implications for Market Research

What does GDPR mean for the market research industry?

It’s almost four years now since the European Union (EU)’s General Data Protection Regulation (GDPR) officially started, sending a global ripple effect regarding consumer data protection around the world and into the United States. We have seen mixed compliance in data breach reporting and subsequent fines, continued privacy advocate criticism, and state legislation follow-up with states like California adopting the California Consumer Privacy Act (CCPA) which went into effect on January 1, 2020.

For those interested in conducting market research, it has meant new consent requirements, limited use of data, destruction of data after project completion, and other adjustments to the industry work overall. Although breach notification has increased with the GDPR and fines are starting to be imposed on companies for those breaches we are still in a period of uncertainty of how it will affect market research directly.

It is clear however GDPR rules means market researchers have to act now to refine their GDPR compliance strategies and processes before significant negative consequences are commonplace.

What is the reason for implementing GDPR?


The EU GDPR regulations went into effect formally on May 25, 2018, after gaining status as the most heavily lobbied law in the history of the EU. The goal of the GDPR was twofold: first, the government wanted to make data privacy laws consistent throughout the EU, and second, it strove to protect the basic data privacy rights of its citizens during the modern age of digital data.

One tricky component of the GDPR is that it not only affects EU companies but also applies to non-EU businesses and organizations that sell goods or services to the EU or hold personal data of people who live in the EU. In the global economy today, that really means that the GDPR has a global reach and particularly affects United States businesses and organizations.

As a result, several state governments introduced data privacy legislation in tandem with the GDPR start date in 2018 with California’s Consumer Privacy Act leading the way. Many of the other states have followed suit.

Here are some implications for companies conducting market research today:

How does GDPR work in market research?

Companies conducting market research studies must show that they have a “legal basis for processing personal information” to comply with Article 6 of the GDPR.

This means businesses can ask participants to consent to use their personal information for a specific reason. For example, a market researcher collecting customer feedback on a new line of smart home gadgets can obtain consent before a survey is conducted to gather opinions and demographic information for that purpose. However, the same company may not use that personal information for a different set of products or services without regaining consent.

In addition, companies are allowed to collect customer information for a legitimate interest, which may include checking to see if customers are satisfied upon receiving an ordered product or service or double-checking information that is collected in an interview setting. However, the GDPR specifies that a “good reason” to protect a person’s data could override that legitimate interest in some cases and that the company must limit data collection to only that information required to reach the stated goal.

Finally, data can be collected if you’re conducting research that’s related to public or government interest. This allowance makes room for census data research and other official research.


How can market research participants under GDPR, control the information companies have about them?

Until recently, market research participants who in GDPR language are known as the ‘data subject’ may have given implied consent to having their personal data collected by simply choosing not to “opt-out” of certain programs. Now to comply with GDPR regulations, a data subject has to give explicit permission for their personal data to be collected, used, and stored, essentially they have to “opt-in” for their information to be used.

For market researchers, as classified as either “data controller”, “data processor”, or both, this will be a significant challenge as well as a potentially expensive undertaking. Each individual study where personally identifiable information (PII) is gathered or solicited directly must now be clear.

Every participating individual must be offered a consent question, which is not defaulted to opt-in, to participate, and consent to have their responses used. The question must state the nature of the study and the intent and usage of the data. In addition, respondents must be notified of their rights to access, change, and erase their data.

Besides the sheer logistics of getting individual permission for every PII study, businesses will need to monitor the collected data to ensure it is not being used incorrectly. This may mean companies need to hire consent ambassadors or a data protection officer to be accountable for that fact.


What are the GDPR exemptions for marketing research companies?

Although the GDPR is fairly strict across multiple areas and industries, a few exemptions exist.

Market researchers who conduct anonymous surveys and do not collect or use personal data may disregard the GDPR. However, personal data is defined very broadly; it not only includes names, phone numbers, addresses, email addresses, photos, and personal ID numbers but also biometric information, mobile device identifiers, IP addresses, and any other more tangential or third-party data that could lead to identification.

According to Article 89, individuals studying scientific, statistical, or historical data may be allowed to access sensitive personal data without additional processing. In some rare cases, professionals may gain access to data without consent and be permitted to store the information. The data, however, must be safeguarded to be used only in the stated fashion.

In addition, if an organization is running research that’s important for national or public purposes, according to GDPR rules it may also be exempt. This could include broad medical or health studies, government planning, or economic studies that would be performed to provide information to address larger social concerns within a community, state, or country.

What has been the impact and consequences of GDPR for marketing research?

During the first year of GDPR, the reporting of data breaches has skyrocketed. Studies show that prior to GDPR, the EU received about 20,000 data breach reports per year. In the most recent 2021 aggregate report, it reveals there have been more than 281,000 data breach notifications since the application of GDPR on 25 May 2018 with Germany (77,747), The Netherlands (66,527 and the UK (30,536) topping the table for the number of data breaches notified to regulators.

This increases consumer awareness, helps individuals take proactive steps in protecting their personal data, gives regulators information regarding the problem, and provides technology companies data that they can use to prevent breaches in the future. The success in breach reporting has fueled other countries’ efforts in setting up their own notification policies and systems.

According to GDPR, the penalties for non-compliance can reach 4 percent of a company’s annual total revenues for severe infractions. Lower penalties can be imposed for lesser infringements. However, the reality is that most companies are not yet suffering from significant financial consequences as a result of GDPR. The question then arises on how, if any, changes will be made in managing personal data if consequences are, for all practical purposes, nonexistent.


According to a report by the European Data Protection Board, total penalties totaled 55 million euros during the first nine months of GDPR. That said, 50 million euros of that total was a single fine against Google, and for the behemoth company, that amounted to 0.04 percent of its 2018 revenue.

Moving forward, the EU is working to remedy these fine-related issues and other countries are refining their own personal data protection programs, processes, and systems. That means it’s just a matter of time until market research projects may be more heavily scrutinized.

 Is it time to increase your investment in GDPR compliance as a market research professional?

If you haven’t already done so, it’s time to consider how the GDPR and related data protection legislation will impact future market research efforts and take steps to ensure compliance. Market research firms will have to modify their scripts, processes, and communication to their audiences, ensuring that all the required information is shared before the research is conducted. As a result, surveys may be longer as well as interviews, which will inevitably increase the cost of conducting market research. Companies should take that into account when setting market research budgets in the future.

In addition, monitoring the use, deletion, and legitimate storage of personal data may require an entirely new position or department within an organization or business if market research is a regular part of a business’s operations.

Although all 50 states as well as Washington D.C., Guam, Puerto Rico, and the Virgin Islands have breach notification laws, many individual states are still hammering out the details regarding personal data usage. More than a dozen states have specific legislation regarding privacy and data. It’s reasonable to expect that more states will continue the discussion and that the regulatory landscape will continually evolve in this area. Amendments to current legislation as well as new considerations will occur.

Market researchers should perform a GDPR readiness assessment which includes a gap assessment to see how their current processes comply with GDPR-related regulations and what steps must be taken for full compliance. This may be a moving target as regulators continue to tweak, revise, and assess current privacy data regulations and compliance.

It may be a wise move to work with other departments such as information technology, marketing, and legal to watch upcoming changes and continually reassess areas for improvement.


Monday, March 14, 2022

Charter of Respondent Rights Canada


More content missing from the internet.

Mystery Shopper Scams

 Legitimate mystery shopping opportunities are out there, but so are plenty of scams. If an opportunity is on the up and up, you won't have to pay an application fee or deposit a check and wire money on to someone else.

What is Mystery Shopping?

Some retailers hire companies to evaluate the quality of service in their stores; they often use mystery shoppers to get the information. They instruct a mystery shopper to make a particular purchase in a store or restaurant, and then report on the experience. Typically, the shopper is reimbursed and can keep the product or service. Sometimes the shopper receives a small payment, as well.

Many professionals in the field consider mystery shopping a part-time activity, at best. And, they add, opportunities generally are posted online by marketing research or merchandising companies.

Don’t Pay to Be a Mystery Shopper

Dishonest promoters use newspaper ads and emails to create the impression that mystery shopping jobs are a gateway to a high-paying job with reputable companies. They often create websites where you can “register” to become a mystery shopper, but first you have to pay a fee — for information about a certification program, a directory of mystery shopping companies, or a guarantee of a mystery shopping job.

It's unnecessary to pay anyone to get into the mystery shopper business. The certification offered is almost always worthless. A list of companies that hire mystery shoppers is available for free, and legitimate mystery shopper jobs are listed on the internet for free. If you try to get a refund from the promoters, you will be out of luck. Either the business won’t return your phone calls, or if it does, it’s to try another pitch.

Don’t Wire Money

You may have heard about people who are “hired” to be mystery shoppers, and told that their first assignment is to evaluate a money transfer service, like Western Union or MoneyGram. The shopper receives a check with instructions to deposit it in a personal bank account, withdraw the amount in cash, and wire it to a third party. The check is a fake.

By law, banks must make the funds from deposited checks available within days, but uncovering a fake check can take weeks. It may seem that the check has cleared and that the money has posted to the account, but when the check turns out to be a fake, the person who deposited the check and wired the money will be responsible for paying back the bank.

It’s never a good idea to deposit a check from someone you don’t know and then wire money back.

Tips for Finding Legitimate Mystery Shopping Jobs 

Becoming a mystery shopper for a legitimate company doesn’t cost anything. Here’s how you can do it:

  • Research mystery shopping. Check libraries, bookstores, or online sites for tips on how to find legitimate companies hiring mystery shoppers, as well as how to do the job effectively.
  • Search the internet for reviews and comments about mystery shopping companies that are accepting applications online. Dig deeper. Shills may be paid to post positive reviews.
  • Remember that legitimate companies don’t charge people to work for them – they pay people to work for them.
  • Never wire money as part of a mystery shopping assignment.

You can visit the Mystery Shopping Providers Association (MSPA) website at to search a database of mystery shopper assignments and learn how to apply for them. The MSPA offers certification programs for a fee, but you don't need "certification" to look – or apply – for assignments in its database.

In the meantime, don't do business with mystery shopping promoters who:

  • Advertise for mystery shoppers in a newspaper’s ‘help wanted’ section or by email.
  • Require that you pay for “certification.”
  • Guarantee a job as a mystery shopper.
  • Charge a fee for access to mystery shopping opportunities.
  • Sell directories of companies that hire mystery shoppers.
  • Ask you to deposit a check and wire some or all of the money to someone.

If you think you’ve seen a mystery shopping scam, file a complaint with:

  • The Federal Trade Commission
  • Your state Attorney General

This is another page that has been removed from the net. And again, good data should never be lost.

Sunday, March 13, 2022

Respondent Bill of Rights

What Are Your Rights If Interviewed?

Your participation in a legitimate research study is very important to us, and we value the information you provide. Therefore, our relationship will be one of respect and consideration, based on the following practices:

  • Your privacy and the privacy of your answers will be respected and maintained.
  • Your name, address, phone number, e-mail, personal information, or individual responses will not be disclosed to anyone outside the research project without your permission.
  • You will always be informed in advance if an interview is to be audio recorded or video recorded (as in the case of telephone or in-person studies). Additionally, you will be told of the intended use of the recording.
  • Upon request, you will be informed of the privacy policy that applies to your participation in the research study.
  • The researcher will be identified to you. You will be told the name of the research organization and the general nature of the survey.
  • You will not be sold anything, or asked for money, under the guise of research.
  • You will be contacted at reasonable times, but if the time is inconvenient, you may ask to be re-contacted at a more convenient time.
  • Your decision to participate in a study, answer specific questions, be re-contacted at another time, or discontinue your participation will be respected.
  • You are assured that the highest standards of professional conduct will be upheld in the collection and reporting of information you provide.

Survey, opinion and marketing research is an important facet of our democratic society, allowing everyone to express their views on political and social issues, as well as on products and services.

This was copied from a page no longer active. Good data should never be lost.