The General Data Privacy Regulation (GDPR) has been a huge topic of discussion across, well any industry that works in or with the internet, not just sample or market research.
GDPR is a new regulation in the European Union that becomes enforceable on May 25, 2018. The regulations’ goal is to strengthen data protection and give more control of personal data back to the individual. Essentially, personal data can only be collected and stored if it meets one of six lawful bases. (You can see them here) Also, it allows individuals in the EU to request that companies delete or remove their personal data, and the company must comply. Not just EU companies either, ALL COMPANIES WORLDWIDE!
You are probably asking now, well what does it mean for the sampling industry?
We will see much more stringent recruiting methods for panels, especially for those targeting Europeans. There will also be more hoops for potential panelist to go through to become of a panel. You may also see panel companies change their incentive structure to include some function of time to access incentives, so they don’t have a lot of people signing up and just leaving quickly.
As people decide they no longer want to be part of the panel and want their information deleted, this will cause panel companies to be more involved in their panel management. They will need to create new processes to ensure that they remain GDPR complaint. Many companies will need to appoint a Data Protection Officer (DPO) to ensure compliance.
Because one of the main tenants of GDPR is individual’s rights to revoke permission to personal data at any time, panels with European members, or European panels may look at research projects differently. Many companies will become more stringent on the organizations they allow access to their panel to ensure they reduce the amount of panel turnover possible.
Another path that is possible is that companies may move the burden for compliance and any fines over to their clients forcing clients to assume all responsibility for any GDPR compliance failure, or if any extensive damage to the panel is done (i.e. high opt-out or permission).
This is a big question and one we know the answer to yet. Is the panel company liable, or is the client? Will panel companies make clients sign documents assuming liability for any fines, etc.? Different panel companies are probably going to take different routes. It will take time to see what the new standards are created.
Since panel companies own the panel, and the access to the data, they already have increased liability. But, will panel companies start to shift the liability to clients?
This is a legitimate concern. Respondents will have the ability at any point to request their data be deleted, so the ones that do stay in the panel will be at a premium. There may be a decline in participation, but with the decline, it is more like getting rid of the dead wood of a tree, so the live portion can thrive. There may be reduced participation, but the ones that stay could be more engaged, particularly with increased incentives.
Since people can leave at any time, the ones that choose to stay are most likely highly engaged, leading to higher quality responses, and as an industry better feasibility. So, it may take less people to be invited to hit completion targets, and the removal rate will decline.
Want to find out how we are working with our partners to become GDPR compliant? Click the link below to download our Commitment to GDPR document.