Even during a pandemic life goes on and so too does data protection!

Whilst the UK Data Supervisory Authority, the Information Commissioner’s Office has said that it will be understanding when organisations find it difficult to meet some of the requirements of the Data Protection Act 2018/GDPR, this is not meant to suggest that data protection requirements have been relaxed.

On 15 April the Information Commissioner, Elizabeth Denham, issued a statement [https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/04/how-we-will-regulate-during-coronavirus/] that sets out what businesses can expect from the ICO during the pandemic.  Within it, Denham says “my office will continue to safeguard information rights in an empathetic and pragmatic way that reflects the impact of coronavirus”.  It recognises “the current reduction in organisations’ resources could impact their ability to comply with aspects of the law”.  However the ICO has also made it clear that it will take regulatory action against organisations that “take advantage of the current crisis”.  Essentially this means that organisations cannot ignore their data protection obligations, but the ICO is likely to give them a bit of lee-way should something go wrong.

Moving from face to face to online

With the move away from face to face fieldwork to telephone and online methodologies, we thought it might be helpful to remind members:

• There are very few differences in legal and regulatory requirements when comparing face to face with online methodologies – the rules remain very largely the same irrespective of the medium we use to conduct market research. 
• The terms and conditions for consent remain the same but the way you record it may vary – see the BHBIA’s ‘Legal Grounds for Data Processing’ guide within the Privacy and Data Protection section of the website. 
• When observing or listening in, again the terms and conditions remain the same, but beware if you’re moving from observing via sitting in or watching through a one-way mirror to watching video footage, you’re moving from not processing personal data to processing it – see section E6.3 ‘Observing, listening in and recording’ of the BHBIA’s Legal and Ethical Guidelines (page 23).
• However there are some differences specific to the medium such as not installing software on a respondent’s device without a their consent.  For more information please see section G2, G4 and G5 of the BHBIA’s Legal and Ethical Guidelines covering the use of Telephone, Online and Social Media as a means to conduct market research.
• Finally, you must think carefully about online security and make sure that personal data transferred or shared online is appropriately protected, to a standard that reflects the type of data and risks involved.  For more information please see the BHBIA’s ‘Data Security including Breaches and International Transfers’ guide, again you will find this in the Privacy and Data Protection section of the website. 

Please use the BHBIA’s Guidelines and Legislation resources for compliance support, but if you can’t find the information you're looking for, full BHBIA members can use the members’ enquiry service: https://www.bhbia.org.uk/my-bhbia/guidelines-queries/submit (you will need to be logged in to access this).