GDPR — Market Research Implications #2 — WAPI

In a series of three blog posts we’re considering implications of the GDPR in regards to marketing research industry. The previous blog article touched upon how GDPR might influence conducting CATI interviews. In this one I’d like to ponder on how the new legislation may affect conducting WAPI surveys.

Mode specific considerations: WAPI

• Invites are often going out via the Market Research company, be sure, personal identifiers are not appearing at unwanted storage sections (or for how long those are stored) like SMTP logs
• If invites are sent via a third party system, be sure, where that service is located geographically, do you need to obey some (local) laws, and how data retention is addressed there. If an email list has to be uploaded there for an email invitation campaign, establish a policy of removing personal data, when not needed anymore
• Web server logs can be “talkative”, ensure that the collected data is relevant for the operational questions and needed for support
• The applied protocols and how browsers are working can give a lot of space for collecting data in passive mode (type of device, IP address of respondent, via that geographical location, digital fingerprinting, used browser etc) if you have the ability to collect such data, and you do live with that option (that often gives useful information for solving survey related technical difficulties) you need to inform the respondent about this fact, and what you do with this data. Also a good option, if it is available, configuring the system not to collect passive data. Note, this is often used as quality control step, so not always possible.

Read all articles in this series:

GDPR — Market Research Implications #1 — CATI
GDPR — Market Research Implications #2 — WAPI (you are reading this article now)
GDPR — Market Research Implications #3 — CAPI, Mixed-mode, Mode independent projects (this blog post will be published soon)

Disclaimer: This blog was created by Nebu in order to provide a high-level, general understanding of GDPR, and should by no means be considered or used as a substitute for legal advice. Nebu does not accept any responsibility or liability for the accuracy, completeness, legality, or reliability of the information contained on this blog.

For more information on the GDPR please visit the GDPR Nebu blog category page collecting all our blog posts related to the topic.

If you would like to ask an expert a GDPR related question, please submit it via the form on the right.