GDPR Guidance for Clients

GDPR – Guidance on using personal data for research purposes

Under the new GDPR regulations coming into force on 25 May 2018, we, as data processors, will need assurances from our clients (data controllers) that their customer data has been gathered in accordance with the new regulations and that it can be used for research purposes. Gathering explicit consent to take part in research activities at the point of data collection is one way of achieving this, however, processing personal data from existing customer databases for research purposes can also reasonably fall under the lawful grounds of legitimate interest.

What this means for you: whilst you may still want to, you don’t necessarily need to gather specific consent for a customer’s (data subject’s) personal data to be used for research purposes. However, if you choose to use legitimate interest as grounds for this use, you must ensure that your privacy notice details the legitimate interests upon which the intended research is based. According to the ICO, this must detail the following:

  • What your purpose for processing personal data is
  • That you are relying on legitimate interests as your lawful basis; and
  • A summary of what the relevant legitimate interests are. (ico.org.uk, 2018)

It is up to you (as the data controller) to conduct your own legitimate interest assessment and, in cooperation with us, to consider the research activities you would like carried out (i.e. customer satisfaction feedback, profiling, in-depth qualitative research etc).

A full explanation of legitimate interest and how to include it in your privacy policy can be found on the ICO’s website.

An advantage of using legitimate interest as a lawful grounds for research is that it can be applied after the point of data collection, as long as the privacy policy is updated in accordance and your database is informed of these updates.

What this means for your customers (data subjects): although under the lawful grounds of legitimate interest they do not have to give consent for their personal details to be used for research purposes (this includes contacting them to invite them to take part in research), data subjects maintain the right to object to processing without providing specific reasons.

What this means for us: under the existing guidelines of our industry’s Code of Conduct (administered by the Market Research Society), we will continue to gain informed consent from all research participants. It is our responsibility as researcher to notify data subjects about their right to object at the time of communication.

We maintain our responsibility as data processors to alert our clients (the data controllers) of any data breaches or requests to be forgotten.

We will also continue to gather explicit consent for further research and testimonials, and the gathering of any further data will be covered by our own privacy policy, which can be found at www.zinginsights.com/privacypolicy.

Following analysis of research results, findings will be aggregated for final delivery. We will take steps to minimise and anonymise research results at the earliest opportunity.

Data security: to protect individual’s data, any document or database that includes personal data must be shared securely. This means all documents that include personal data that we share will be password protected and any data we receive from clients we would also expect to be shared securely.

Further information
Legitimate interests under GDPR: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/ 

Conducting Research under the GDPR: Legal Bases: https://www.mrs.org.uk/pdf/EFAMRO_ESOMAR_MRS%20GDPR.pdf

Many thanks, 

The Zing Team

When a little insight can be just enough….

Once upon a time, not so very long ago, commissioning an insight project typically meant embarking on a long and often pretty expensive journey.  Projects routinely ran for 8+ weeks… Read more »

Coronavirus: leisure, tourism & events

Along with the rest of the UK (and many populations around the world) we’ve spent many weeks now at home under lockdown. However, with the weather warming up, people are… Read more »

Data isn’t insight alone

The marketing stream at this years’ AEO Forums included a brilliant session from Ben Smithwell from Comotion. Ben’s session titled ‘Demystifying Customer Insight for Marketing Professionals’ highlighted, that data alone… Read more »

Focus

Persona definition the aspect of someone’s character that is presented to or perceived by others Today, the more widely used definition of persona is a tool for understanding audience behaviours,… Read more »

Testing times

It’s safe to say everyone is feeling the effects of or worrying about the economic downturn resulting from the spread of Coronavirus. We hope that our friends, family and clients… Read more »

Introducing: the Zing Panel

  This week sees the launch of our new-and-improved Zing Research Panel and we’re all very excited about it! Over the years, we’ve carried out lots of research projects and… Read more »

Our Clients

We have extensive experience working across a wide range of industry sectors for many leading brands.

Contact Details

Victory House
Chequers Road
Tharston
Norwich
NR15 2YA

t / +44 (0)844 800 9588

e / hello@zinginsights.com