Compliance without complexity
GDPR presents the whole insights industry with a very specific challenge. We need to continue to provide our clients with answers to their business questions while at the same time ensuring that everyone – clients, agencies, sub-contractors – protects the security and confidentiality of personal data – and in this industry that mostly means respondents.
Clients often have large rosters of agencies and those agencies have their own supply chains, so ensuring that all the agencies are compliant is a very heavy administrative burden for even the biggest companies. For the agencies there is a need to not only adopt policies and behaviours that comply with GDPR in general but also with a wide range of specific ad hoc requirements that clients will add on top.
It’s a lot to sort out and not surprisingly there is a huge amount of time and attention going into getting things right in time for the big day on May 25. A whole new industry of consultants has suddenly appeared, looking to scare businesses into buying their help with ominous warnings of the consequences of GDPR breaches. There’s a whiff of the ‘millennium bug’ bandwagon about it. But in all the furore we need to make sure that the GDPR tail doesn’t wag the insights dog. The last thing anyone wants is for GDPR to be such a burden that it starts to distract us from the basic mission of providing fantastic insight to clients.
We’ve been taking a methodical approach to our own GDPR compliance for about 18 months now, and we’ve learnt a lot along the way. Here are a few pointers from Incite on how to stay focused on doing great work while keeping on the right side of GDPR:
1 / Don’t panic!
There is a huge amount of institutionalised respect for personal data in the research industry. It’s part of the culture of the industry. The demands of GDPR should be seen a set of standards for the 21st century rather than something completely new. We’re in a good place to get this right.
2 / Get expert advice
In-depth data protection knowledge is important to help translate the legal requirements into policies and procedures that you can then embed into the way you work. You also need experts available on a day-to-day basis to provide guidance and recommendations on new situations or simply to help ensure that client and agency are on the same page.
3 / Focus on driving the right behaviours
People working in research and insights are not always going to have GDPR issues at the top of their minds. You do need to brief and train people on what they need to do, but the key to adopting new behaviours is to make it easy. Adapt the tools researchers use so that compliance is baked into the research process and the research team can focus on doing great work and adding value.
4 / Err on the side of optimism and openness
We believe that everything that we needed to do before GDPR will still be possible after it goes on to the statute books. We just might not do it in exactly the same way.
In the medium term we believe that GDPR compliance will become another hygiene factor in the delivery of effective research and insights. Essential, but not something to make a big song-and-dance about.
To learn more about how we’ve tackled the challenge, please get in touch.