How Do You Manage GDPR in Face-to-Face Research Interviews?

You may remember all the ‘opt-in’ pop-ups that started appearing on websites last Spring? That was due to the General Data Protection Regulation which came into effect in May 2018. The aim of the regulation was to protect online consumers from having their personal data misused for marketing purposes. The practices that it sought to curb included:

Selling on data to third parties
Using data to ‘cold call’ consumers
Storing online or physical data longer than necessary
Not knowing where data was kept
Offering inadequate protection from cybercrime

Key to the GDPR’s impact is the power of the Independent Commissioner’s Office (ICO) to levy huge fines. Businesses or individuals found to be in breach, can be fined up to 4 million euros, or 4% of annual global turnover, whichever is the most. These eye-watering figures are enough to make anyone handling personal data in a professional capacity sit up and take notice.

How Does the GDPR Affect Qualitative Research?

LDA Research has always taken privacy of personal data extremely seriously, given the nature of our research. The launch of the GDPR was, however, a great opportunity to audit our research practices. Given the range of research methodologies we employ, we approached the task by looking at each methodology separately. In this blog we’ll be sharing our compliance guidelines for face-to-face research interviews.

What is Personal Data?

One of the most helpful aspects of the GDPR is the clarity with which it identifies what personal data is. It includes, of course, the obvious identity markers such as: name, address, photo, phone number, signature, email address, job role, age, ethnic identification. But it also emphasises the importance of recognising how scraps of information can be pieced together to identify someone. This places a requirement upon researchers to be extremely vigilant when capturing data.

How is Personal Data Stored?

Personal data can be captured on audio file, video recordings, online forms, written notes, letters, social media, health records or job profiles. These are stored in various ways, from notebooks, to online documents, to paper records and data bases. The GDPR requires that there are tight controls on what data is captured, how long it’s kept, who it’s shared with and when it’s deleted.

Step-by-Step Guide to Managing GDPR in Face-to-Face Research Interviews

Step 1. Make sure that your Data Privacy policy is up-to-date and share with everyone involved. Participants have a right to access their data or request its removal so make sure contact details for this purpose are available.

Step 2. Make clear rules about how online information is shared. Secure document sharing is preferable to email. There are a number of options including: DropBox, ShareFile, SharePoint. Always set a date for access revocation.

Step 3. Anonymise all participant data as soon as possible, and certainly before it is shared with clients and wider team. It is never OK to share personal data without the express permission of the participant.

Step 4. Before starting the interview it’s good practice to explain what data will be captured and how it will be distributed and stored. Any audio, or video recording requires the written permission of the participant.

Step 5. Make it a rule of thumb that no participant data is captured in the course of the interview. This doesn’t mean that you can’t use each other’s names – but it must be redacted from the recording or transcript before being passed to anyone outside the company or the UK/EU. This extends to ensuring that no visual personal information from the environment is picked up on photos, or video.

Step 6. Ensure that all data storage is encrypted and secure. Access should be limited to password holders, and be scheduled to end on a specified date. The location of all data relating to individual participants is required to be logged, and a deletion date set, including emails arranging the face to face interview.

Maintaining Good GDPR Practice

Qualitative research depends on a relationship based on trust between the interviewer and their participant. GDPR is an important building block in that relationship. Highlighting the emphasis you place the legal requirement for data to remain private is reassuring for interviewees, and underpins your professional status.

More Blogs from LDA

One-to-One Interviews and Focus Groups

The quality of medical market research is determined largely by the context in which it is gathered. The qualitative research team at LDA has been conducting interviews via phone, web, and in person for a good while now, and we all agree that the medium of communication plays in important role in the type, and richness of the information gathered.

Medical Device Market Research

LDA Research was set up in 2011, in Bedfordshire, and for the past 7 years the core team has been pursuing their passion globally. We’re lucky enough to spend our time providing specialist qualitative research for the rapidly growing medical device sector. Every member of the team is committed to providing high quality, bespoke market research solutions for management consultants,

How Does a ‘Detailed Follow Up’ Work?

LDA Research Helps You to Assess the Impact of Product Communications One aspect of the work we do at LDA Research is to support pharmaceutical companies in bringing new products to market. We may be asked to carry out competitor analysis, or develop research which supports decisions on how the product is positioned in the market. Our qualitative research helps

Contact us

Name

Surname

Are you a… (please select from dropdown)*

Message

Mailing list

By checking this box you acknowledge that you will be added to our marketing list upon submission. Please see our web privacy notice.

Mandatory fields *

How Do You Manage GDPR in Face-to-Face Research Interviews?