GDPR And Market Research
As GDPR is enforced now, Market research companies are facing heat now. Due to huge movement of PI at any stage of process companies are bound to comply with GDPR to make sure privacy of data subjects are not compromised.
Confusion over controller and processor role specially due to Data protection addendum received by Indian companies are creating more chaos as its getting difficult to address “legal business and lawful purpose” condition due to complex business process flow of market research firms in India.
As per ESOMAR guidelines it is necessary for all people/companies in supply chain to abide by GDPR compliance
Once you have established that you are processing personal data, you need to establish whether, in carrying out research projects, you are acting as a data controller, a joint data controller or a data processor. More detailed obligations are placed on data controllers, who determine the purposes for which the data will be used, than data processors but unlike the current Data Protection Directive legal obligations are placed directly on the data processors and all parties involved in the supply chain are potentially liable if the rules are broken. The GDPR applies to processing by businesses operating within the EU and also to businesses that monitor EU residents or offer goods or services to EU residents.
We are providing free assessment to companies who feel they are GDPR compliant. Assessment requires simple answers on Evidences/organization and IT controls / policies and procedures requires as per various Articles of GDPR. For understanding purpose we have elaborated Articles definition so users can understand GDPR expectations as per Articles .
Do contact us if you wish to have GDPR compliance solution for meant for market research firm and help your organization Stay One Step Ahead !.