GDPR shouldn't impact your online research, here's why...

Published 02 Nov 2018 9 minute read

Online qual
Compliance

As a research and insight specialist, you’ve been working with the challenges and complexities of GDPR for several months now. It’s hard right! That’s why we’ve written this short guide. It will help crystallise what you need to do on an ongoing basis, and why, helping you stay on track and remain compliant as Dr Marie-Claude Gervais, our Research Director explains.

Some GDPR basics

I'll use our Together platform as a point of reference to show how easy it is to ensure you're compliant with the key GDPR legislation when performing online research. The first thing to know is that, as a manager of an online research community, you are a ‘data controller’ (not a ‘data processor’).

Together Online Research Platform

As a data controller, when you invite people to take part in an online research community, you should always have clear Terms and Conditions (Ts and Cs) that include:

  • Why you are conducting the research - it's purpose
  • How the data will be used, shared, stored, anonymised, protected
  • How long you will keep the data for (your approach to Data Retention)
  • The identity and contact of your Data Controller and/or Data Protection Officer (DPO)

Agreeing to abide by these terms at the start of any research study or community amounts to giving informed consent. Using research platforms, it's simple to copy and paste the Ts and Cs into a welcome email message. Participants have to agree to them before they progress into the study. It's also important to set out what the house rules are for the duration of the study. For example, it's always going to be possible for someone to get a screen grab of community activity but this can be flagged and discouraged. Rules regarding acceptable behaviour need to be set out for people, as well as the consequences for flouting the rules!

Privacy...full stop

We've talked previously about WhatsApp and other tools researchers use and how the group discussions from these software platforms aren't private and are hard to control. We've also set out how GDPR will impact the Market Research industry, hearing directly from legal experts in this field and the MRS. The crux of the issue is this, GDPR rules state that consumers have the right to know how data controllers are processing their data, where it is, and what it is being used for. This is fine in the case where agencies or technologists are the ones in sole receipt of the data. However, were you to use WhatsApp for online group sessions, there is an issue. Currently, within these groups, every individual can see the private phone number of everyone else and the data that has been shared, therefore controlling this data would be impossible. With this in mind, something you should always look for is independent certification (ISO 27001 compliance) for the technology you're considering using from a data security perspective. It's a huge advantage to be able to say to participants at the start of a study that their data is safe. As a result, they're more likely to be honest and open in their responses. If you're researching vulnerable people (for example, children or people with mental health problems) then privacy is absolutely a pre-requisite.

Right to data access

One of the new provisions under GDPR is that participants have the right to access their personal data. In other words, you need to be able to provide participants with all the input they shared. Doing this with offline focus group data is a nightmare because of the challenges of identifying each person and of allocating each comment to a participant. Doing it online is a breeze. Most online platforms, including ours, allow the user to download all the data associated with a study. It's simple to retrieve the data and export this into a .csv or .xls file and send it over to the participant for review.

Right to be forgotten

Another provision you have to make under GDPR is that research participants have the right to have all their data destroyed so that there are no digital traces of them. Using online platforms, this is simple. All the data associated with a participant (including their contributions to any discussions, videos and images they've submitted as part of the study) and any personal data that would enable them to be identified (such as their name, demographic profile or email address) can be retrieved and deleted with a few simple clicks. You should also contact your recruiter to make sure that they, too, have deleted all the participant data from their file.

Anonymised data

It is essential for researchers to be able to anonymise their data set. This is not a new requirement but it is one to which participants may become more and more sensitive. Together allows you to anonymise your data (remove a participant’s real name) at the click of a button. However, be aware that anonymisation is not the same as protecting a participant’s right to confidentiality, which is a trickier issue. Again, this is much simpler to do online. Our platform even lets you export data that's already been anonymised at the click of a button.

Good luck with your research!

If you'd like to learn more about online qualitative research, there's more guides, podcasts and presentations you can access in our resources area. Alternatively...

Contact Us

Discover our platform and services

Platform-only

The insight platform for online qual, research communities, digital diaries, ethnography and more.

Services & Support

A range of expert research services and resources to help you deliver your projects with ease, speed and reach.

Insight

Human insight with impact; leveraging our academic and industry experts to uncover insight, create impact and make confident decisions.

Conde-Nast
Conde_Nast_logo-copy

We were amazed at the level of insight we achieved in just a week. Further opened our eyes to new ways of researching and understanding our staff

We helped Conde Nast International define a new global mission and vision statement

van-tay-media-Kab_-4M4I74-unsplash
Vouch-for-Me-Logo

Further really understood the brief and were extremely proactive. We are now very confident that we’re taking the right products and proposition to market.

We helped this insuretech startup tailor their customer value proposition for the UK market ahead of a planned launch

Keyhouse
Keyhouse

Further's expert team pushed us to clarify our assumptions and to think harder about how to communicate the value of our products and services

We helped Keyhouse enter a new market and understand what target users of their case management software needed and how to position their offer

FTH001_Mother_2_children_tablet
UNICEF-Logo

Working with Further was a refreshing and eye-opening experience…...the qualityof their output which was excellent.

We helped Unicef generate insights to support the development of a mass market, sustainable fundraising product.

Zwift image
Zwift-logo

Strategically, Further’s insights provided clear and directional answers that will guide us through our next phase of growth

We helped Zwift understand users and non-users needs and wants so they could prioritise their innovation pipeline

Chillys image case study
Chillys-logo

We helped Chilly’s leadership team consider new ways to understand and co-create with their customers’

What next?

Browse our site, download our resources, request a demo of our platform or speak to one of our experts

Browse our work
Request a demo
Book consultation