B&A and the wider team will be operating under the Data Protection Acts 1988 to 2018 and GDPR General Data Protection Regulation (EU) 2016/679.
All data will be managed in accordance with our ISO 27001 Information Security Management system. B&A has been certified to ISO27001:2013 standard for Information Security Management System – surveillance checks and quarterly audits are on-going.
Under GDPR guidelines, market research is often carried out under the legitimate interests (Article 6 GDPR) of our clients. We also ensure that consent be obtained from all participants.
Respondents will be clearly informed that their participation in the survey is voluntary, that they are free to refuse to answer any particular question, to stop the interview at any point and to request that all data they provided to B&A be destroyed. Respondents will also be reassured as to how their data will be used in an anonymised dataset. Under GDPR regulations, respondents can request their data (prior to anonymisation). B&A have a process in place to comply with subject access requests or requests for withdrawal from survey and/or data deletion requests.
B&A has a designated Data Protection Officer. B&A also have a security team responsible for GDPR, compliance and information security Management. Two members of the team are members of the Irish Data Protection Officers Group.
Data protection entails protecting the privacy of the individual in relation to their personal information. It also means ensuring the reliability of any information used and it’s fair and legitimate use by everyone. Any stored personal data are covered by consent, the legal purpose for which the research is being conducted and the penalties that may arise if personal data is not looked after properly. Such data might include respondent data records, personal information or any other sensitive confidential information. When we collect such data in connection with this research the following will apply:
Where possible data must be stored – securely password protected – on B&A’s servers. We use encryption for processing personal information.