I’m not prone to anxiety, but GDPR is doing a good job of stressing me out, and I’m guessing that many in market research feel similarly.

I know GDPR represents a necessary upgrade to our data protection law: with transparency and the rights of the individual uppermost; and designed to safeguard the copious amounts of personal data that we now generate, especially in our digital lives. As an idea it cannot sensibly be opposed and enacting it encourages us all to ensure our data handling processes are tighter than the proverbial duck’s bottom. That is all fine and no arguments, but I’m more than a bit worried that despite the best of intentions, GDPR will prove to be yet another nail in the coffin of market research. If that seems rather dramatically put, here’s how I’m working it out…

GDPR presents yet more obstacles to participation
We already have a crisis over declining response rates and do not need to give willing members of the public yet more reasons to avoid participating in market research. For starters, what will be the impact of extending our already tediously lengthy terms and conditions? Since we are not allowed to ‘hide’ these behind links as other industries and products seem able to do, we have to hope that participants continue to tolerate (or overlook) the resulting blurb-fest. Potentially much worse, what will be the longer-term impact of the panel-wide re-consenting that many fieldwork companies are now undertaking? That is, how many opted-in participants will take up the opportunity to relinquish rather than renew their relationship with market research? I suspect many people are – like me – heartily sick of receiving GDPR-related emails from marketing departments, and only too ready to seize the chance of being more selective.

GDPR presents a serious threat to neutrality
In healthcare, our market research body (BHBIA) is helping its members interpret and apply GDPR. As a result, we are being told that to be compliant the research must either a) reveal the sponsor’s identity up-front, or b) ask the participant if they are okay to complete without knowing this, and reveal sponsor identity at the end. I see multiple problems with this. First, consciously or non-consciously, revealing the sponsor prejudices subsequent responses and thus represents a fundamental threat to neutrality. If we’ve learned anything from behavioural science over the years it is the potentially powerful effect that can be produced by priming our questions, and activating an individual’s emotional associations with a company at the very outset is usually exactly what we don’t want to do! Second, asking the participant if we can defer either gives them the opportunity to bail out, at which point we lose another perfectly good respondent, or plants a different but still rather unhelpful seed of curiosity that may well distract the participant from the task at hand. Third, do we really need to do this? The participant probably cares much less than we might imagine, and it feels like an over-reaction. I sincerely hope we’ll be able to revert to a situation where the default is not to reveal the sponsor’s name, unless explicitly asked to do so by the participant.

GDPR threatens to degrade research design, process, and reputation
I am wondering what research methods will now be given a wide berth because of concern over potential GDPR ramifications? Blue-chip companies are risk-averse as it is and I’m expecting that their role as data controllers under GDPR will only accentuate that characteristic. This curtailing of research practice has already happened to us in healthcare, where a requirement to report adverse events has seen companies simply avoiding the topic, which helps nobody. And how far do we want to take it because, arguably, how often does the sum total of a participant’s answers or comments gathered during the research process itself jeopardise anonymity indirectly? That is, piecing together responses may – in theory at least – be enough to retrospectively identify an individual without the need for any other personal data, especially amongst smaller populations. Seen through the eyes of the research participant, are we in danger of protesting too much? When participants hear or read us kicking things off by banging on ad nauseam about how much care we are taking over the security of their personal data, they might be forgiven for wondering why we are making such a song and dance about it.

I’m pretty sure GDPR wasn’t meant to feel this way, and certain that market research companies aren’t those that the authorities have in mind when it comes to scapegoating and levying the potentially huge fines. The burden of enacting GDPR in market research seems disproportionate to the minimal threat that we pose to the security of personal data. My sense is that because we are a by-and-large responsible industry populated mostly by sensible and cautious folk, we find ourselves going to the nth degree to make sure we follow all the letters of all the new laws. I think doing so unquestioningly is likely to end badly, and that we should take this early opportunity to push back on several points, via the MRS and our other industry-specific market research and marketing bodies, before rushing to comply.