Research News Live

Three steps to GDPR success

Zlatko Vucetic from FocusVision outlines the three questions every research team needs to ask themselves

Over the past decade we have watched marketing become ever more sophisticated and targeted. From market research, audience mapping, location-based advertising and 1:1 engagement, the path to purchase for brands has been entirely focused on learning (and acting on) deep customer and behavioral data. Knowledge was power and data reigned supreme.


The GDPR streamlines privacy laws across all EU states and will impose much more significant fines on any company found to be breaching the directive – up to $24 million or four percent of global annual revenue, whichever is greater.

There is serious house-cleaning across the Atlantic n advance of the May 25 deadline but, despite the many column inches devoted to the subject here in the U.S. the same sense of preparation is not as palpable. Anyone monitoring or gathering information from consumers in the EU, via the internet will need to comply – whether based in the EU or not. For those in the research and insights industry there are a few more steps to ensure that you stay on the right side of the regulation.


Speak to all of your service providers, suppliers and partners to ensure that they have conducted data mapping exercises to resolve any potential points of failure.  Certifications, terms of service and privacy statements will determine that they have implemented any necessary product changes (including enabling deletion of data). You may not be your partner’s keeper but a GDPR misstep by an organization you’re working with can quickly impact you too.


Beyond the myriad methodologies and suppliers needed to deliver a project to deadline and within budget, anyone leading an insights study will be considered to be a Data Controller under the GDPR.

A Data Controller is the individual who determines the purposes for how and why personal data is processed. In contrast, Data Processors include any organization that collects, stores or analyzes personal data under the instruction of the Data Controller. Either role you are also assuming responsibility for compliance with the GDPR legislation and the provision of information  to individuals about whom you hold personal data among others.


Two pieces of personal information must be combined to create what GDPR considers Personal Identifiable Information (PII). GDPR now considers an IP address as one source of information, which can be combined with something like name, date of birth or home address to become PII. As part of any insights study, the team must ascertain whether the research findings contain PII? At every stage of the research, the lead must ensure tight control of the research data and findings.

The GDPR constitutes the biggest revolution to data privacy in over a generation but, companies that already adhere to best practices will already be well positioned. Asking the three questions above will ensure you can still have access to the dat you need without exposing your team or business to potentially expensive risk.


The Australian Market and Social Research Society is linked globally to 45 associations through its partnership with the Global Research Business Network (GRBN) and the Asia Pacific Research Committee (APRC). Click here to read about the AMSRS global network. This article is originally sourced from GRBN website.

About The Research Society 1083 Articles
The Research Society is the peak body for research, insights and analytics professionals in Australia. It has a diverse membership of individuals at all levels of experience and seniority within agencies, consultancies, client-side organisations, the non-profit and government sectors, support services as well as institutions and the academic community. As well as over 2,000 individual members, the Research Society has 125+ company and client partners, with the number continuing to grow. The Research Society research professionals and company partners commit to and are regulated by the Research Society Code of Professional Behaviour.