Sample Answers & GDPR
Delivering Compliant Data for Your Research Project
What is GDPR?
How does GDPR affect Sample Answers in-house solutions?
a. In-House Sources
b. Data Brokering
Subject Access Requests & Data Subject Rights
How Does This All Affect You
Getting In Touch
Sample Answers 35 Compliance Questions
About Sample Answers
Sample Answers has been supplying the Market Research industry for over twenty five years, providing a comprehensive range of sampling solutions to our clients. Whether it’s consumer data, business data, domestic, international, online or offline, we aim to be the one-stop shop for any brief that comes our way.
We pride ourselves on our customer service, with dedicated staff in our UK Head Office and regional office in Amsterdam providing fast turnarounds from our in-house production department and ensuring the quality of our data whether from our internal sources or from our network of partners from across the world.
What is GDPR?
GDPR (General Data Protection Regulation) governs the privacy and security of EU citizens’ personal data. In summary, the aim of the law is to give EU citizens control of their data and how it is used.
That increased control is exercised by ensuring that an individual’s personal data can only be accessed and used within the context of the informed agreement of the citizen. The regulations governing use of personal data is yet more stringent for email and other digital media, governed by the ECPR (Electronic Communications Privacy Regulations).
Other key aspects of the legislation are:
- The citizen has the right to know the details of all their personal data held on file by any institution.
- Other than in special cases (e.g. tax office) the citizen has the right that their personal data can be removed from the database of an organisation and, if appropriate, transferred to another institution of their choice.
- Failure to comply with the regulations can result in the Information Commissioner’s Office imposing a fine of up to 4% of worldwide turnover or €20 million, whichever is higher.
How does Sample Answers comply with GDPR?
Sample Answers is registered with the ICO and the samples we supply to our clients are either derived by selecting from the data files we hold in-house or as a result of a specific trade with one or more of our network of bona fide data suppliers. To deal with each in turn:
a. In-House Sources
For the purposes of providing data from our in-house sources Sample Answers operates under the act as both a ‘data controller‘ and a ‘data processor‘. To do so we comply with every aspect of the regulations in respect of the collection and storage of personal data and how we process and transfer that data to our clients.
In fact the essence of the regulations in respect of maintaining the privacy of the data subject has barely altered from the 1997 data protection law and you can be assured that all the personal data we transfer to you has a valid legal basis for us to supply, either through ‘informed consent’ or ’legitimate interest’.
Moreover we ensure compliance with all other aspects of the regulations, in particular:
- All our internal databases are housed securely on-site, with the necessary precautions in place to prevent breaches
- Only trained individuals have access to the raw data and sales staff have restricted access to the files they deliver.
- All data files are transferred securely via encrypted email or uploaded to an FTP.
- We respond to queries, complaints and subject access requests promptly normally within 24 hours.
So you and your staff can be confident in quoting Sample Answers as the source of your sample.
b. Data Brokering
Sometimes our in-house data will not match a client’s specification so we contact appropriate members of our network of data partners to broker a more suitable solution. In order to ensure we supply GDPR compliant data we ONLY accept data from reputable suppliers and, moreover we have implemented a 35 point checklist for all third party suppliers to complete.
(For Sample Answers responses 1 click here).
c. Online Sample Fulfilment
Sample Answers also offers online panel access via proprietary and third party panels. To ensure that any online research we conduct is fully compliant with GDPR, all panels (including our own) must comply with our 35 point checklist. In particular, membership of such panels are based upon use of the ‘double opt-in’ standard and therefore fully satisfies the criterion for informed consent.
Subject Access Requests and Data Subject Rights
It goes without saying that not everybody wants to take part in market research, be it over the phone, via the post or online. In these instances we are meticulous in dealing with any subject access request or other complaint to provide all the necessary information of:
- How and when their personal data was collected
- To whom, their data has been supplied
- That the record will be deleted
Any record removal request that we receive, we aim to process within 24 hours. Our Data Protection Officer (DPO) will pass the necessary information directly to the Compliance Team of the relevant supplier.
How Does This All Affect Our Clients
In a nutshell the effects of GDPR to you, as a client of Sample Answers, are minimal provided you will ONLY use the data for bona fide Market Research purposes. Our internal practices have been tightened up so that there will be no disruption to our service levels. As data processors we do ask that new clients supply answers to our 35 questions to ensure that all data we distribute is being stored, processed and used in accordance with GDPR.
Getting in Touch
If you have any questions on the content of this document, or regarding Sample Answers’ GDPR compliance then do not hesitate to get in touch with one of the team.
Mark Dent – Data Protection Controller – [email protected]
Christine Senior – Data Processing Controller – [email protected]
UK Head Office – +44 (0)20 8274 5000
Sample Answers Ltd
The information contained in this document serves only as a guideline to Sample Answers’ compliance of the EU General Data Protection Regulation. For further information please see our terms and conditions. If you have any queries about your own organization’s implementation of GDPR policy we advise you to seek professional legal advice.