Stay in compliance with ever-changing governmental regulations.

Alert! Alert! Alert!

In this new age of “always on” technology and communication, it seems like something is always vying for our attention. We get so may alerts. Weather alerts, traffic alerts, health alerts, vehicle recall alerts, food safety alerts. I could go on and on.  Our first tendency might be to get a little irritated about all of these alerts, as they interrupt our daily flow and can produce anxiety. But then again, think of why we are receiving the alerts in the first place. They are there for our benefit—the safety and security of ourselves, our family and our neighbors. By getting that important information out to us quickly, we can act immediately and take the necessary steps to either be prepared or be protected.

When we use alerts in the context of handling personal data, the benefits are the same. We are vigilant, looking out for the safety and security of the data collected on our panelists.  The safety and security of data is a major concern for many countries around the world. That is why regulations such as the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) have been put in place. They help to ensure that personal data is being handled properly.

Stay alert to panelist data changes

Having the ability to receive alerts on the system used to store and/or collect data can be an essential tool.  An alert system can perform two kinds of notifications:

  • Inform proper personnel of changes that have been made in the data
  • Alert personnel of the need to make changes to the data.

Alerts can help you to make necessary changes in an expedited time frame, thus complying with on-going regulations.

What are some examples of alerts that can prove beneficial?

Let’s take a look at a few instances where alerts would provide helpful information.

Example: A panelist wants to be removed from the database.

Let’s say a request comes in from a panelist who no longer wishes to receive invitations to participate in studies, screeners or research. The request can come from the panelist portal, from the invitation or from within the questionnaire.  Whatever the source, an alert can be sent to the proper personnel to make sure that the panelist is removed. By receiving an alert, the removal can be handled quickly, therefore limiting the chances of the panelist becoming frustrated by receiving additional notifications.

Example: A panelist is not able to participate in research for a period of time (extended travel, expectant mothers, temporary health conditions, etc.).

Sometimes a panelist needs a little time off. They can inform you of the start date for the period of non-participation.  During that interval, the panelist record can be set to inactive. They will no longer receive notifications of available research studies. An alert can be created for the proper internal personnel at the resume date so the panelist record can now be set to active status. At this time, they would again get notificatons to participate in any available research.

Example: While filling out a questionnaire or screener, the panelist indicates that they would like to be contacted.

Companies always want to know if their consumers are happy. To ensure that any perceived issues are handled quickly, a question can be added to a questionnaire or screener asking the panelist if they would like to be contacted.  Additional information can also be collected as to the nature of why they would like to be contacted. Once this information is collected, an alert can be generated that informs the proper internal personnel of not only the request to be contacted but also the reason. The alert allows companies to respond to any issues or requests for contact and handle them without any hesitation.

These are just a few possible suggestions showing how alerts could be a great benefit. Having the ability to create custom alerts based on the particular operations of your organization can provide innumerable benefits to the company, department and panel members. The ARCS system, for example, allows you to define custom alerts that match your organizational needs. Contact one of our ARCS specialists today to discuss how to setup specific data alerts.

Keep in mind that alerts should be used judiciously, only when something really calls for immediate attention and action. When used for truly critical notifications, alerts will help your organization to stay in compliance with ever-changing governmental regulations.

Access & Control – Just Like the Family Fridge

Complying with the new GDPR rules means giving panelists more access to their data

When I was growing up, just about everything my family or someone watching us needed to know would be affixed to our refrigerator with tape or magnets. This included a calendar of events, important phone numbers, report cards, receipts, images, to-do lists and more. The fridge was the central repository for upcoming events for our family.

If you wanted to see what was going on in our lives, first you needed to be invited into our home (or have a key to gain access). Only trusted friends, relatives or service providers could get in and see the refrigerator to learn what we were up to.

Just as access to the family fridge was limited, the European Union General Data Protection Regulation (GDPR) has been designed to enhance an individual’s control over their data and restrict outside access.  Now, allow us to read your rights!  You have the right to be informed when your data is being processed, the right to access your data and confirm its lawful processing. You have the right to be forgotten, the right to data portability, rectification, objection to direct marketing, restriction of processing personal data, and safeguards against AI related decision making. One of the primary aims of GDPR is to give an individual total control of their data, and organizations with access must comply with the demands.

In ARCS we have something a lot like that family refrigerator. We call it the Panelist Portal. This is the individualized home page within ARCS for each member of your participant panel. The Portal gives users control over their core data (along with the ability to update this stored data). Users can also opt out, and all can be done within a single system, complying perfectly with GDPR.

Once someone is invited to join your participant database, they are given a unique “key” (ex: user name and configurable password which you will have the ability to control). This is the place where a panelist can make changes to their name and personalized password.

When my parents would go away, they would leave their itinerary and special instructions on the refrigerator. In the same way, you can post privacy policies, NDA agreements and other information that panel members might need to see.

Let’s say you have someone in your database who must “accept” your terms before being allowed to participate in your research studies.  You can provide the documentation, instructions, and mechanisms for them to read and acknowledge. This could be for the original acceptance or a change in terms that requires database members to acknowledge and confirm agreement with the new language.

Within the Panelist Portal, your database members have access to many important pieces of information about themselves, their history, and their upcoming research study schedule.  This information, referred to as participant data, is organized into two areas:

  • Core data. This includes items such as name, age, birthdate, address, email address, phone number, preferred contact method, household makeup, and more.
  • Attributes or custom data points. ARCS allows you to create, ask and track unlimited questions about particular panel members. You can then query on those custom attributes and data points. Some examples could be product usage, demographic information such as education, salary, marital status, and more.

The ability to view and update PII and sensitive data is critical to GDPR compliance. Using the Panelist Portal, your database members can access selected data fields and update these attributes themselves, as their product, brand and usage change over time. This will ensure that you have accurate and up to date information, which will help you invite and qualify the right panel members for your studies. This is also where your panel members can complete any necessary required paperwork (such as NDA forms). All of this information is date and time stamped as well as trackable.

All of the above capabilities are presented in one place, and just like the family fridge the Panelist Portal provides centralized visibility, auditing and tracking.

By giving database members more control and visibility into their data, you will be compliant with the applicable GDPR requirements, protecting yourself and protecting your most important asset, the participants. With greater access and control, they are likely to feel more comfortable with your organization. This can then lead to referrals of additional family members and friends.

Breaking up shouldn’t be hard to do

Lastly, GDPR compliance asserts the participant’s right to be forgotten. They may ask that their data be wiped, either completely or partially. Your participant engagement process needs to: (a) permit such a request, (b) quickly respond to the request and (c) identify the user and types of data to be eliminated.

Key Questions

What types of controls and tools does your participant engagement process have to handle these items? Do panel members constantly need to call your staff to update their information?  Would you like to have the visibility and controls to meet the ever-changing data protection needs your participants deserve and meet new regulations like GDPR?

Call our ARCS specialists today to discuss your unique research participant needs.  

Facing the regulatory challenge of Centralized Data

In the new world of the European Union’s General Data Protection Regulation (GDPR), organizations that process or store information on EU Data Subjects must comply with new uniform data privacy requirements. Did you know that GDPR requires all information you hold to be centralized? In this article we focus on centralized data, the looming challenges we face, and the solutions to them.

Many research departments and companies struggle to keep all of their data in one central location. Beyond this challenge, there is the fact that sometimes the only way to accomplish project tasks is to use different software packages – each requiring specific and unique skills to manage them.

For example, companies might have information like panelist data residing in one software package, while the ability to collect data from those panelists is performed in a completely different package.

When you add the challenges of securely storing Personal Individual Information (PII), tracking participation, managing incentives and sharing data, an organization could be using three, four or five separate software platforms.

As if that weren’t problem enough, there is one more challenge – increasing industry and government regulations like GDPR are now requiring any information that you hold to be centralized. With all of the disparate software required to complete your projects, the challenges can seem daunting.

What steps can you take to mitigate some of these challenges?

Find a single software platform that covers most, if not all, requirements to meet not only industry and government regulations, but also to streamline internal processes. By unifying on one platform, you will save time, costs and resources related to a number of the challenges mentioned previously.

Arm yourself with the proper questions to ask any software provider. Here are some must ask questions:

  • Is all of the collected data stored in a secure and centralized database?
  • Does the data have the ability to be searched and shared across different tasks? For instance, can data collected via a questionnaire automatically update in the specific panelist record?
  • Are all panelist data, PII, participation data, incentives and questionnaire responses stored in a central location?
  • Can the software track how data was collected or changed within the database?
  • Can the software produce information for auditing purposes to assure regulation compliance?

These are just a few of the many questions to be asked when evaluating a software platform. By contacting a representative at Marketing Systems Group, we can partner to identify the specific areas that most need shoring up in your organization.

Our team can also assist in formulating the many questions to investigate while searching for the best software platform for your company. Let the experts at Marketing System Group help you navigate the difficult and ever changing regulation landscape.

What to Expect from the New European Data Protection Regulations

D-Day is coming to Europe next spring, and no, we’re not talking about World War II. For us in the here and now, the “D” in D-Day stands for Data. In May 2018, new data protection regulations will take effect in the EU, and the impact on businesses and consumers will be enormous.

The European Union General Data Protection Regulations (GDPR) have not been updated since 1995. Twenty years is a lifetime in the world of technology. So much has changed. Most of our lives are intertwined with technology now, and our digital alter-ego (data profiles of who we are and what we do) is living somewhere in the cloud, traveling the earth in milliseconds. Amid the looming chaos of privacy exploitation and hacking, consumers are justifiably concerned and doubtful. Does privacy even exist anymore? Is anything secure? People want their privacy protected. They want to trust that their data is secure, but at the same time they want the convenience of personalized consumption and instant access. It’s a tough balance to strike.

Fundamentally, the goals of GDPR are to reassert individual privacy rights, foster a more robust EU internal market, strengthen law enforcement, streamline international transfers of personal data, and unify global data protection standards. The new data protection regulations will consist of a two-part implementation. The first part is the General Data Protection Regulation itself, the new rules.  The second part involves the enforcement arm, a Data Protection Directive for police and criminal justice entities.

According to public information released by the European Commission, we are going to see some interesting outcomes from GDPR.

Privacy rights make a comeback. The privacy regulation aims to improve individual’s rights to virtually “be forgotten” When they don’t want their data held anymore, it must be deleted (with exceptions: data may be retained for contractual or legal compliance reasons until no longer needed).  Individuals’ access to their personal data will be easier to obtain. They will have a right to port their data between different providers and the right to be notified when their data has been breached. In addition, companies must inform the authorities which accounts were hacked in a timely fashion.

European Commission says “Data protection by design and default” will become the norm. Products and services must be safeguarded via built-in data protection. Privacy will become the primary focus and could lead to new business innovations.  This includes new techniques for data encryption, removing personal data identification from data sets, and replacing PII fields in data records with artificial identifiers.  All of these could restore trust between individuals and companies holding their data by limiting exposure.

Costs. Yes, it will require investment to upgrade apps and services, but the tangible and intangible payoffs of compliance with the new regulations are real.  According to estimates, Europeans’ personal data value could be worth upwards of €1 trillion by 2020. With stronger data protection regulations in place, opportunities will grow.

Streamlined regulations. There are currently 28 separate laws on data protection that are incoherent and unwieldly.  The plan is to have these 28 individual laws consolidated into one.  Estimated savings for companies and organizations could be as much as €2.3 billion per year. After the new data protection regulations take effect, companies will deal with one single supervisory authority only, making it easier to do business in the EU. This will level the playing field by applying the same rules for all companies – regardless of size or location. Companies outside of Europe must follow the same rules when doing business in the EU.

Negative reinforcement: Be prepared or pay up! The EU is expecting merchants to be more responsible for protecting customer data. Those who experience data breaches will face severe sanctions. Beginning May 25, 2018, the EU will impose heavy fines levied as a percentage of revenue on companies violating the GDPR rules.  Smaller companies doing business in the EU may be unaware how soon these regulations are coming online. Liability is an obvious concern, so active steps to achieve compliance must be taken. Products and infrastructure must be reviewed and updated. A sustainable cyber security program must be in place. The cost of compliance must be accounted for, and the ROI should initially be measured against the preparedness and protection from fines and liability. In the long term, as mentioned above, the new regulations could result in a more level playing field and increased business opportunities.

Organizations should act now:

  • Review and analyze the GDPR. Seek advice. Leave nothing to chance. Learn the precise meaning of “personal data”.
  • Update your documentation for personal information and security practices. Update policies and procedures for breaches, incident reports and risk assessments. Review all relevant contract and agreement language
  • Figure out how to best mitigate risks of noncompliance.

For more information about the European Union General Data Protection Regulations (GDPR) check out this European Commission website, with press releases, questions and answers, factsheets, legislative texts, the current legal framework, and public opinion surveys.