Mitigating risk in customer feedback and data security

January 11, 2017

2017 marks a big change in cyber security as business ramp up for the formalisation of the EU’s General Data Protection Regulation in 2018. Maru/edr’s Global Security Officer James Clarke explores the ramifications for market research and what brands and businesses need to do to make sure they’re compliant.

Data protection is  becoming central to business operations – and not before time.

Research has shown that functionality and personalisation are becoming core components to a great customer experience – and to deliver a great experience at scale, brands simply have to become more data driven in order to succeed.

It means we’re collecting more information about customers than ever before.

And as the amount of customer information increases, and Voice of the Customer programs continue to tap into the vast reams of this data available, looking after customer’s feedback and details correctly and carefully has become a key component to any market research project.

But data protection is continually evolving – with each new technology, innovation and platforms comes added risks that need to be accounted for.

It’s why last year, the EU announced the introduction of the General Data Protection Regulation – a set of updated rules and standards that any organisations conducting business in the EU must adhere to.

What is General Data Protection Regulation and how will it affect me?

Coming into full force in 2018, the General Data Protection Regulation (GDPR) will affect us all.

Hard or soft Brexit, no matter what our relationship with Europe come 25th May 2018, all UK businesses must adopt these new regulations if they intend to do business across the European Union.

Replacing our current Data Protection Regulation here in the UK, the GDPR will provide an EU wide mandate where businesses must sit up and take note of data security. All businesses will be expected to have a Data Protection Officer in place who will be responsible for overseeing

Making your VoC program compliant

Technology brings with it new and exciting opportunities.

All new technology – no matter how large or small – has an ability to enhance Voice of the Customer research. Tools and technology enable all of us to automate processes, intelligently solve problems and paint better pictures by spending more time delving into data and uncovering the real issues stopping businesses from delivering even greater experiences for their customers.

But all technology comes with a potential risk – and an added headache for how to stay compliant with the latest regulation.

1| Use a supplier who is already security compliant

The easiest, simplest and most financially-viable option (not complying comes with hefty fines well into the millions) is to use a supplier who offers safety, security and peace-of-mind.

Maru/edr are one of the only UK Voice of the Customer supplier to hold an ISO27001 security management certificate in place to effectively manage security risks. External assessment of security procedures confirms the business’s commitment to information security . Maru/edr are committed to ensuring that all procedures are fully compliant with the GDPR before it comes into effect next year.

2| Use in-house procedures to ensure research data remains compliant

New regulations will cover all EU businesses, therefore the likelihood is that there’s already someone somewhere in your business that is looking into the consequences and developing a plan to bring internal procedures up to scratch.

However, ensuring that all data collected and processed by external suppliers is compliant is a time-consuming and costly operation. And if investigations throw up any security concerns that suppliers can’t address, it immediately puts your current VoC programs at risk.

If you’re not currently compliant, here’s what do do

The good news is, you have some breathing space as the General Data Protection Regulation doesn’t come into force until Mary 2018.

If you think that your current customer feedback program is covered by stringent security process, we suggest you raise concerns immediately. Now is the ideal time to start thinking about a new provider should your current supplier full short of what’s required.




James Clarke is an infomation security specialist with twelve years experience and supports all MARU Group companies to provide the tightest data security process in the market research industry.