On February 12, 2026, Reuters reported that Dutch telecom provider Odido had been hacked, with cyber criminals accessing sensitive data from around 6 million customer accounts.
The warning is clear: even large, well-resourced organizations are vulnerable to significant, large-scale cyber-attacks. This has to be a wake-up call to every organization that handles, processes and stores personal data.
What this means for market researchers
Market research is nothing without respondent data. The risks faced by market research companies in the event of a data breach could be catastrophic. From regulatory scrutiny under GDPR and possible financial penalties to reputational damage and loss of trust, everything is at stake.
Even when the data concerned does not include highly sensitive information like bank details, the GDPR still requires market research companies to implement appropriate technical and organizational safeguards.
The good news is that, here at NIPO, we never let our guard down when it comes to the security of our Nfield market research platform. We are fully committed to supporting our customers in meeting the legal obligations which protect both their respondents’ data and their business’ future.
ISO 27001:2022 – strengthened Nfield security
NIPO recently upgraded to ISO 27001:2022 certification – the leading international standard for information security management systems. This certification confirms that NIPO applies:
- A structured, risk-based security framework.
- Strict access controls and governance.
- Continuous monitoring and improvement.
For Nfield users, this provides independent assurance that the platform meets high international security standards.
Essential advice for market researchers
Using Nfield for your market research gives you the reassurance of a highly secure platform. But this is just the start. Maintaining data security is a shared responsibility. Your organization also needs to adopt best practices and put our security enablers to work.
Here’s what you need to do in Nfield to minimize data breach risks.
1. Keep intruders out: enable two-factor authentication (2FA)
Passwords can be compromised. Two-factor authentication adds a second verification step which blocks unauthorized access even if credentials are stolen. Enabling 2FA is one of the most effective ways to prevent attackers from logging into your Nfield domain.
2. Reduce sensitivity: practice data minimization
Restrict the data you collect to only what is absolutely necessary for your research objectives. The less personal data you store, the lower the risk.
As discussed in our GDPR guidance, within Nfield this means:
- Avoiding unnecessary personal variables.
- Defining data retention policies.
- Deleting identifiers once no longer needed.
3. Don’t keep all your eggs in one basket: store identifiers separately
Use the sample table to store personal identifiers instead of embedding them in survey responses.
This allows you to:
- Pseudonymize or anonymize sample data.
- Delete specific fields or interviews.
- Maintain precise control over retained data.
Separation reduces the impact of potential unauthorized access.
4. Minimize exposure: use automatic survey clean-up
The more data you’re storing, the greater the amount of damage in the event of a breach. There’s probably no need to keep hold of surveys that have become inactive. Nfield’s automatic survey clean-up feature deletes expired surveys, thereby keeping your exposure to a minimum. This both improves GDPR compliance and keeps your domain organized.
Clean environments are more secure environments.
Turning lessons into action
The breach affecting Odido is a stark reminder that cyber-attacks are an ever-present threat to organizations of any size.
For market researchers, being trusted to protect respondent data is everything.
Our advice for significantly reducing the risk of data exposure is to:
- Use an ISO 27001:2022 certified platform (such as Nfield).
- Enable Two-Factor Authentication.
- Practice data minimization.
- Store identifiers separately from associated data.
- Make use of automated clean-up.
And remember, security is not a one-time setup. It’s an ongoing discipline.
